
34 matches found

HackRead
added 2026/05/15 4:42 p.m., 7 views

Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4

Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads...

AI score: 5.8
Exploits: 0

Malwarebytes
added 2026/04/16 8:2 a.m., 9 views

Booking.com breach gives scammers what they need to target guests

Travel companies love telling you your data is safe. Booking.com just reminded everyone why that's a hard promise to keep. The Amsterdam-based booking giant began notifying customers on April 13 that "unauthorized third parties" had accessed guest reservation data. The compromised information...

AI score: 5.9
Exploits: 0

HackRead
added 2026/03/16 11:2 a.m., 6 views

New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection

New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims...

AI score: 5.8
Exploits: 0

Trellix
added 2026/03/12 12:0 a.m., 7 views

Malware-As-A-Service Redefined: Why XWorm is outpacing every other RAT in the underground malware market

Malware-As-A-Service Redefined: Why XWorm is outpacing every other RAT in the underground malware market By Boggavarapu R S S Srinivas Gupta and Ravishankar N C · March 12, 2026 Introduction In the evolving landscape of cybercrime, threat actors are constantly pursuing the "perfect" weapon: malwa...

CVSS: 8.8, AI score: 8.2, EPSS: 0.85778
Exploits: 35

The Hacker News
added 2026/03/06 2:33 p.m., 11 views

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RAT) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by...

AI score: 6.1
Exploits: 0

HackRead
added 2026/02/23 11:54 a.m., 6 views

Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs

A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys...

AI score: 5.5
Exploits: 0

The Hacker News
added 2026/01/14 2:18 p.m., 10 views

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...

AI score: 6.6
Exploits: 0

GithubExploit
added 2026/01/13 4:16 p.m., 156 views

xworm-c2-path-traversal

XWorm C2 Path Traversal Vulnerability Affected Versions...

AI score: 7.8
Exploits: 0

HackRead
added 2025/11/13 12:5 p.m., 2 views

Top 3 Malware Families in Q4: How to Keep Your SOC Ready

Q3 showed sharp growth in malware activity as Lumma, AgentTesla, and XWorm drove access and data theft, forcing SOC teams toward quicker behavior checks...

AI score: 7
Exploits: 0

Malwarebytes
added 2025/11/13 10:15 a.m., 5 views

We opened a fake invoice and fell down a retro XWorm-shaped wormhole

Somebody forwarded an “invoice” email and asked me to check the attachment because it looked suspicious. Good instinct—it was, and what we found inside was a surprisingly old trick hiding a modern threat. What it does: If the recipient had opened the attached Visual Basic Script (.vbs) file, it woul...

AI score: 7.4
Exploits: 0

GithubExploit
added 2025/10/25 3:8 a.m., 149 views

RAT-Vulnerabilities

🐀 RAT Vulnerabilities 🐀 --- 🚩 Project overview...

AI score: 8
Exploits: 0

The Hacker News
added 2025/10/07 10:36 a.m., 6 views

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix...

AI score: 8.6
Exploits: 0

Trellix
added 2025/10/02 12:0 a.m., 13 views

XWorm V6: Exploring Pivotal Plugins

XWorm V6: Exploring Pivotal Plugins By Niranjan Hegde and Sijo Jacob · October 2, 2025 Introduction In the constantly evolving world of cyber threats, staying informed is not just an advantage; it's a necessity. First observed in 2022, XWorm quickly gained notoriety as a highly effective malware,...

AI score: 6.6
Exploits: 0

HackRead
added 2025/09/27 10:57 a.m., 2 views

Hackers Use Fake Invoices to Spread XWorm RAT via Office Files

Hackers are sending fake invoice emails with malicious Office files that install the XWorm RAT on Windows systems, allowing full remote access and data theft. Learn how the shellcode and process injection are used to steal data, and how to stay safe from this persistent threat...

AI score: 7.4
Exploits: 0

HackRead
added 2025/01/24 4:19 p.m., 19 views

Hackers Use XWorm RAT to Exploit Script Kiddies, Pwning 18,000 Devices

Crooks pwning crooks - Hackers exploit script kiddies with XWorm RAT, compromising 18,000+ devices globally and stealing sensitive…...

AI score: 7.4
Exploits: 0

The Hacker News
added 2024/11/07 9:48 a.m., 38 views

5 Most Common Malware Techniques in 2024

Tactics, techniques, and procedures (TTPs) form the foundation of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN's Q3 2024...

AI score: 7.7
Exploits: 0

hivepro
added 2024/06/27 7:51 p.m., 10 views

UAC-0184 Strikes Ukraine with XWorm RAT

...

AI score: 7.3
Exploits: 0

The Hacker News
added 2024/04/27 12:47 p.m., 153 views

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs...

CVSS: 9.3, AI score: 8.1, EPSS: 0.89889
Exploits: 14

The Hacker News
added 2024/04/16 1:39 p.m., 74 views

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by...

CVSS: 9.3, AI score: 8.2, EPSS: 0.99945
Exploits: 33

The Hacker News
added 2024/04/09 7:24 a.m., 45 views

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector...

AI score: 7.5
Exploits: 0