Threat actors have been spreading bogus invoice emails with malevolent Office files to facilitate XWorm RAT infections on Windows systems as part of a new phishing campaign, HackRead reports.Opening the attached file that appears to be corrupted triggers an attack chain, with a concealed component's shellcode downloading the primary executable that loads the second-stage DLL into the targeted device's memory, according to Forcepoint X-Labs researchers.After conducting a reflective DLL injection, XWorm RAT is then injected into the infiltrated system to allow keystroke logging, remote takeovers, and data exfiltration while ensuring persistence and stealth.With XWorm RAT reported to have infected over 18,000 devices worldwide, as well as used Amazon Web Services S3 storage in separate attack campaigns earlier this year, organizations have been urged to be more vigilant of unexpected invoices and attachments, especially those with .xlam or .bin suffixes, as well as ensure up-to-date software.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds