

Ethical Hacking News

XWorm Malware Resurfaces with Ransomware Module, Over 35 Plugins


XWorm malware has resurfaced with a ransomware module and over 35 plugins, posing significant threats to cybersecurity. With its modular architecture and extensive capabilities, XWorm continues to be a force to be reckoned with in the threat landscape.

  • The XWorm malware has resurfaced as a highly versatile and dangerous tool, having evolved from its initial design.
  • The latest variants of XWorm are now being distributed through phishing campaigns after the original developer abandoned the project.
  • XWorm is a remote access trojan (RAT) that can steal sensitive data, launch DDoS attacks, and encrypt files with ransomware capabilities.
  • Trellix researchers have noticed an increase in XWorm samples on VirusTotal since June, indicating a high adoption rate among cybercriminals.
  • XWorm's ransomware functionality lets attackers set a desktop wallpaper and specify the ransom amount, wallet address, and contact email; the encryption avoids system files and folders.



    The cybersecurity threat landscape has recently seen a significant development with the resurfacing of the XWorm malware, which has evolved into a highly versatile and dangerous tool. This malicious software was first observed in 2022 and gained widespread attention due to its modular architecture and extensive capabilities.

    According to recent research by Trellix, a cybersecurity company that specializes in threat intelligence, the latest variants of XWorm are now being distributed through phishing campaigns after the original developer, XCoder, abandoned the project last year. The malware has been found to have over 35 plugins that extend its capabilities from stealing sensitive information to ransomware.

    XWorm is a remote access trojan (RAT) that was initially designed to collect sensitive data such as passwords, cryptocurrency wallets, and financial information. It can also track keystrokes, steal clipboard content, and launch distributed denial-of-service (DDoS) attacks or load other malware. The malware has gained popularity due to its modular structure and extensive capabilities.

    Trellix researchers have noticed an increase in XWorm samples on the VirusTotal scanning platform since June, which indicates a high adoption rate among cybercriminals. The malware is now being used in phishing campaigns that utilize various techniques such as legitimate-looking .exe filenames, AI-themed lures, and even Microsoft Excel files.

    The ransomware functionality of XWorm lets attackers set a desktop wallpaper after locking data and specify the ransom amount, wallet address, and contact email. The encryption process avoids system files and folders, focusing on data in the %USERPROFILE% and Documents locations, before deleting the original file and adding the .ENC extension.

    Victims are then provided with instructions to decrypt their data in an HTML file dropped on the desktop, containing details such as the BTC address, email ID, and ransom amount. This level of sophistication highlights the evolving threat landscape and the need for robust cybersecurity measures to protect against such attacks.
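
    A defender-side sketch of how the file behaviour described above could be spotted in file-event telemetry, added here as an example and not taken from the Trellix research or the original article. The event tuple format, the process names, the `readme.html` note name and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample file events (not real telemetry): (epoch_seconds, process, action, path)
SAMPLE_EVENTS = [
    (100, "invoice_viewer.exe", "create", r"C:\Users\alice\Documents\budget.xlsx.ENC"),
    (101, "invoice_viewer.exe", "delete", r"C:\Users\alice\Documents\budget.xlsx"),
    (102, "invoice_viewer.exe", "create", r"C:\Users\alice\Documents\notes.txt.ENC"),
    (102, "invoice_viewer.exe", "delete", r"C:\Users\alice\Documents\notes.txt"),
    (104, "invoice_viewer.exe", "delete", r"C:\Users\alice\Pictures\cat.png"),
    (104, "invoice_viewer.exe", "create", r"C:\Users\alice\Pictures\cat.png.ENC"),
    (105, "invoice_viewer.exe", "create", r"C:\Users\alice\Desktop\readme.html"),
    (110, "backup.exe", "create", r"C:\Users\alice\Documents\archive.ENC"),
    (900, "editor.exe", "delete", r"C:\Users\alice\Documents\draft.tmp"),
]

def in_user_profile(path):
    """True for paths below <drive>:\\Users\\, where the article says encryption is focused."""
    parts = PureWindowsPath(path).parts
    return len(parts) > 2 and parts[1].lower() == "users"

def detect_enc_rewrite(events, min_pairs=3, window=60):
    """Return {process: details} for processes that, within `window` seconds,
    replace at least `min_pairs` user-profile files with <name>.ENC copies."""
    seen = defaultdict(lambda: {"create": {}, "delete": {}, "notes": []})
    for ts, proc, action, path in events:
        if not in_user_profile(path):
            continue
        key = path.lower()
        p = PureWindowsPath(key)
        if action == "create" and p.suffix == ".enc":
            seen[proc]["create"][key[:-4]] = ts   # index by the original file name
        elif action == "delete":
            seen[proc]["delete"][key] = ts
        elif action == "create" and p.suffix in (".html", ".htm") and p.parent.name == "desktop":
            seen[proc]["notes"].append(path)      # possible ransom note, corroborating only
    alerts = {}
    for proc, s in seen.items():
        # A pair is an original that was deleted and also appeared as <original>.ENC,
        # in either order; its time is when the second of the two events happened.
        paired = s["create"].keys() & s["delete"].keys()
        times = sorted(max(s["create"][k], s["delete"][k]) for k in paired)
        for i in range(len(times) - min_pairs + 1):   # sliding window over pair times
            if times[i + min_pairs - 1] - times[i] <= window:
                alerts[proc] = {"pairs": len(times), "desktop_html": s["notes"]}
                break
    return alerts
```

    Requiring the delete and the matching `.ENC` create from the same process keeps a lone file that merely carries the extension, like the `backup.exe` line in the sample, from raising an alert.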

    The resurfacing of XWorm serves as a reminder of the importance of staying vigilant in our digital defenses. As new variants continue to emerge with advanced capabilities, it is crucial that we stay informed about the latest threats and implement effective security protocols to mitigate their impact.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/XWorm-Malware-Resurfaces-with-Ransomware-Module-Over-35-Plugins-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/xworm-malware-resurfaces-with-ransomware-module-over-35-plugins/


  • Published: Mon Oct 6 09:58:53 2025 by llama3.2 3B Q4_K_M












