New XWorm 7.1 and Remcos RAT campaigns are abusing trusted #Windows utilities and memory-based execution to evade detection, giving attackers remote access to infected systems. The campaign also exploits a #WinRAR vulnerability to gain initial access.

Read: https://hackread.com/xworm-7-1-remcos-rat-windows-tools-evade-detection/

#CyberSecurity #Malware #XWorm #RemcosRAT

XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection

New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims.

Top 10 last week's threats by uploads 🌐
⬆️ #Asyncrat 782 (533)
⬆️ #Xworm 431 (350)
⬆️ #Dcrat 427 (268)
⬆️ #Stealc 403 (215)
⬆️ #Vidar 351 (249)
⬆️ #Agenttesla 309 (241)
⬆️ #Gh0st 281 (143)
⬆️ #Remcos 270 (193)
⬆️ #Quasar 187 (158)
⬇️ #Salatstealer 181 (189)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=160326&utm_content=linktoregister#register

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Asyncrat 533 (472)
⬇️ #Xworm 350 (476)
⬇️ #Dcrat 268 (452)
⬆️ #Vidar 249 (227)
⬆️ #Agenttesla 243 (157)
⬆️ #Stealc 215 (212)
⬇️ #Remcos 196 (207)
⬆️ #Salatstealer 189 (183)
⬆️ #Lumma 183 (137)
⬆️ #Quasar 158 (156)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=090326&utm_content=linktoregister#register

VOID#GEIST Malware Delivers Multiple RATs through Multi-Stage Attack CTIA

VOID#GEIST is actively targeting Windows systems using phishing emails and malicious scripts. It installs remote access trojans such as XWorm, AsyncRAT and Xeno RAT to allow attackers to control infected computers.

Pulse ID: 69ab76815510954864898d9c
Pulse Link: https://otx.alienvault.com/pulse/69ab76815510954864898d9c
Pulse Author: cryptocti
Created: 2026-03-07 00:51:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AsyncRAT #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #RemoteAccessTrojan #Trojan #Windows #Worm #XWorm #XenoRAT #bot #cryptocti

#xworm SHA256: 73ecd2c97c00f35d29bba6c34e7f62620da7daba251543db1977e168ec616118 C2: hebasix[.]duckdns[.]org:1177

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 476 (303)
⬆️ #Asyncrat 472 (363)
⬇️ #Dcrat 452 (527)
⬆️ #Vidar 227 (174)
⬆️ #Stealc 212 (176)
⬇️ #Remcos 208 (262)
⬇️ #Salatstealer 183 (219)
⬇️ #Agenttesla 157 (247)
⬇️ #Quasar 156 (192)
⬇️ #Gh0st 155 (161)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=020326&utm_content=linktoregister#register

#cybersecurity #infosec

A multi-stage #XWorm infection can start with a “banking receipt” in your inbox ⚠️

In a recent LATAM campaign, steganography, WMI, and .NET-based persistence reduced early visibility and extended dwell time on corporate endpoints.

Read the breakdown: https://any.run/cybersecurity-blog/xworm-latam-campaign/?utm_source=mastodon&utm_medium=post&utm_campaign=xworm_chain&utm_term=260226&utm_content=linktoblog

#cybersecurity #infosec

MalwareBazaar | 158.94.211.63

Malware samples associated with tag 158.94.211.63

XWorm malware campaign leverages business-themed for PC infections
#Xworm #Malware

https://opr.news/7aedf601260224en_us?link=1&client=ex_global

As reported by HackRead, scammers are employing familiar business themes in phishing emails to distribute the advanced XWorm Remote Access Trojan (RAT) and infect Windows PCs. This latest iteration, XWorm 7.2, has been observed on Telegram marketplaces, indicating a growing threat accessible to a wider range of malicious actors.

#reverseloader #xworm #opendir at:

http://158.94.211\.63/dealer/