Summary: A new campaign exploiting a Trojanized version of the XWorm RAT builder has been identified, compromising over 18,000 devices worldwide. The malware, targeting inexperienced users, exfiltrates sensitive data via a Telegram-based command and control system. Researchers managed to utilize a “kill switch” feature but faced challenges in completely disrupting the malware’s operations.
Affected: Global devices and organizations
Key points:
- Malware spread through file-sharing services, GitHub, Telegram channels, and YouTube.
- Exfiltrated data included browser credentials, Discord tokens, and system information.
- Advanced features facilitate system reconnaissance, data exfiltration, and command execution.
- Recommendations for protection include using EDR solutions and blocking malicious URLs.
- XWorm has been linked to Russian cyber operations against Ukraine.
Source: https://hackread.com/hackers-script-kiddes-xworm-rat-compromise-devices/