Threat Research

    In today’s evolving cybercrime landscape, attackers seek the “perfect” malware—lightweight, modular, and highly stealthy. Underground markets quickly adopt tools that offer strong capabilities while maintaining low detection rates. XWorm has become a leading example of this trend....
    XWorm v7 RAT is a modular, malware-as-a-service Remote Access Trojan active since 2022, widely adopted by cybercriminals for its ease of deployment and extensive post-compromise capabilities....
    XWorm is a multi-functional Remote Access Trojan (RAT) first identified in 2022 and still actively distributed, including via Telegram marketplaces. Once installed, it grants attackers full remote control over compromised Windows systems. This campaign uses phishing emails with social engineering tactics to trick recipients into opening a malicious attachment....
    PhantomVAI Loader is a stealthy, multi-stage loader propagated via phishing that uses obfuscated scripts and steganography to hide payloads. Originally called Katz Stealer Loader for delivering Katz Stealer, it has evolved to deliver multiple infostealers (including Katz, AsyncRAT, XWorm, FormBook and DCRat) and is offered as malware-as-a-service....
    The XWorm backdoor campaign has shifted from predictable delivery methods to more sophisticated, deceptive techniques. While it still uses phishing emails and .lnk files for initial access, it now disguises malicious executables with legitimate-looking names like 'discord.exe'....
    XWorm is a widely used and evolving remote access trojan (RAT) known for features like keylogging, remote access, and data theft. Its modular design, ease of use, and regular updates make it attractive to cybercriminals. Threat actors often use XWorm in attacks on the software supply chain and gaming sectors....
    This article explores obfuscation techniques in popular malware families and highlights opportunities for automating the unpacking process. We analyze observed samples, demonstrating how to extract configuration parameters by unpacking each stage. Automating this process would enable sandboxes performing static analysis to retrieve critical malware configuration data....
    XWorm, a versatile Malware-as-a-Service (MaaS) offering available on darknet forums, is being deployed to target businesses within the United Kingdom’s hospitality sector. XWorm primarily functions as a Remote Access Tool (RAT), giving attackers control over compromised systems....