This analysis was compiled by the Threat Intelligence Unit, utilizing sandbox detonations of XWorm v3.1 samples obtained via the MalwareBazaar database and dark web monitoring. For the latest YARA rules to detect XWorm v3.1, contact your cybersecurity provider.
Targets communication apps like Discord and Telegram to hijack active user sessions. 3. Hidden Desktop (HVNC)
XWorm does not discriminate in its targeting. It has been observed in campaigns affecting healthcare, finance, manufacturing, government, education, and the hospitality sector across multiple countries.The malware has been used to target Ukrainian organizations, industry sectors in the United Kingdom, and has been deployed in ransomware attacks involving LockBit Black builders. xworm v31 updated
Implement robust email filtering to block malicious attachments, specifically targeting ZIP files and office documents containing macros.
Beyond espionage, XWorm V3.1 retains and refines its destructive capabilities: This analysis was compiled by the Threat Intelligence
Once initial access is gained, XWorm utilizes scheduled tasks and registry modifications to ensure it restarts every time the system boots. 4. Detection and Mitigation Strategies
V3.1 checks for sandbox artifacts (Cuckoo, JoeBox, Any.Run) via: Any.Run) via: To download xWorm v3.1
To download xWorm v3.1, please visit our official website. We recommend that all users update to this latest version to take advantage of the new features and security enhancements.