Malware, Phishing, Security Operations

XWorm malware campaign leverages business-themed for PC infections

Email security system identifies phishing attempts, detects suspicious messages, and protects users from data theft and malware through intelligent monitoring and alerts.

As reported by HackRead, scammers are employing familiar business themes in phishing emails to distribute the advanced XWorm Remote Access Trojan (RAT) and infect Windows PCs. This latest iteration, XWorm 7.2, has been observed on Telegram marketplaces, indicating a growing threat accessible to a wider range of malicious actors.

The attack begins with seemingly ordinary emails disguised as payment requests, business queries, or signed bank documents. These emails contain an Excel attachment that exploits a known vulnerability (CVE-2018-0802) when opened. This triggers a script to download a hidden malicious payload concealed within a JPEG image. The malware then employs a technique called process hollowing, replacing the code of a legitimate Windows program, Msbuild.exe, with the XWorm virus. This allows the hacker to gain full remote control of the compromised system, connecting to a control server using AES encryption.

The modular nature of XWorm, allowing for over 50 plugins, makes it a significant threat capable of stealing sensitive data, logging keystrokes, and even launching ransomware or DDoS attacks. Experts highlight that the danger lies not in novel techniques but in the sophisticated assembly of known methods, making enterprise-grade intrusion capabilities widely available. The continued exploitation of legacy Office vulnerabilities underscores the need for consistent software updates and heightened user vigilance against deceptive email attachments.

Source: HackRead

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds