As reported by HackRead, scammers are employing familiar business themes in phishing emails to distribute the advanced XWorm Remote Access Trojan (RAT) and infect Windows PCs. This latest iteration, XWorm 7.2, has been observed on Telegram marketplaces, indicating a growing threat accessible to a wider range of malicious actors.The attack begins with seemingly ordinary emails disguised as payment requests, business queries, or signed bank documents. These emails contain an Excel attachment that exploits a known vulnerability (CVE-2018-0802) when opened. This triggers a script to download a hidden malicious payload concealed within a JPEG image. The malware then employs a technique called process hollowing, replacing the code of a legitimate Windows program, Msbuild.exe, with the XWorm virus. This allows the hacker to gain full remote control of the compromised system, connecting to a control server using AES encryption.The modular nature of XWorm, allowing for over 50 plugins, makes it a significant threat capable of stealing sensitive data, logging keystrokes, and even launching ransomware or DDoS attacks. Experts highlight that the danger lies not in novel techniques but in the sophisticated assembly of known methods, making enterprise-grade intrusion capabilities widely available. The continued exploitation of legacy Office vulnerabilities underscores the need for consistent software updates and heightened user vigilance against deceptive email attachments.Source: HackRead
Malware, Phishing, Security Operations
XWorm malware campaign leverages business-themed for PC infections

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



