XWorm malware resurfaces with ransomware module, over 35 plugins

New variants of the XWorm backdoor are being distributed through phishing campaigns, with support for multiple malicious plugins. These updates increase the malware’s capabilities, including data theft, remote control, and ransomware deployment. #XWorm #XCoder #Trellix

Key points

  • XWorm is a modular remote access Trojan used for data theft and malicious activities.
  • The latest versions, 6.0, 6.4, and 6.5, have been adopted by multiple threat actors following XCoder's abandonment of the project.
  • Delivery methods include phishing emails, JavaScript, shellcode in Excel files, and disguised .exe files.
  • XWorm now includes over 35 plugins enabling ransomware, data exfiltration, and system control.
  • Defense strategies include EDR, web protections, and network monitoring to detect malicious modules and C2 communications.

Read More: https://www.bleepingcomputer.com/news/security/xworm-malware-resurfaces-with-ransomware-module-over-35-plugins/