Search results for xworm trojan download | Breaking Cybersecurity News | The Hacker News

XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe.  Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power.  The analyst team at  ANY.RUN  came across the newest version of the malware and could not refuse the opportunity of taking it apart to examine XWorm mechanics configurations. Here is how they did it and what they found.  The XWorm sample's source  The sample in question was discovered in ANY. RUN's database of malware, a repository containing detailed analysis reports on all files and links that have been uploaded by users of the sandbox in public mode.  A quick look at the results of the analysis revealed that the sample was initially distributed via MediaFire, a file-hosting service. The malware was packa...

Malicious actors are using a legitimate Rust-based injector called  Freeze[.]rs  to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It has also been used to introduce Remcos RAT by means of a crypter called SYK Crypter, which was first documented by Morphisec in May 2022. "This file redirects to an HTML file and utilizes the 'search-ms' protocol to access an LNK file on a remote server," security researcher Cara Lin  said . "Upon clicking the LNK file, a PowerShell script executes Freeze[.]rs and SYK Crypter for further offensive actions." Freeze[.]rs, released on May 4, 2023, is an  open-source red teaming tool  from Optiv that functions as a payload creation tool used for circumventing security solutions and executing shellcode in a stealthy manner. "Freeze[.]rs utilizes multiple te...

2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter right now. Lumma Lumma is a widely available malware designed to steal sensitive information. It has been openly sold on the Dark Web since 2022. This malware can effectively collect and exfiltrate data from targeted applications, including login credentials, financial information, and personal details. Lumma is regularly updated to enhance its capabilities. It can log detailed information from compromised systems, such as browsing history and cryptocurrency wallet data. It can be used to install other malicious software on infected devices. In 2024, Lumma was distributed through various methods...

Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign.  The activity has been attributed by Arctic Wolf Labs to a financially motivated hacking group called Greedy Sponge . It's believed to be active since early 2021, indiscriminately targeting a wide range of sectors, such as retail, agriculture, public sector, entertainment, manufacturing, transportation, commercial services, capital goods, and banking. "The AllaKore RAT payload has been heavily modified to enable the threat actors to send select banking credentials and unique authentication information back to their command-and-control (C2) server, for the purpose of conducting financial fraud," the cybersecurity company said in an analysis published last week. Details of the campaign were first documented by the BlackBerry Research and Intelligence Team (which is now part of Arctic Wolf) in January 2024, with ...

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader , also known as DOILoader, IDAT Loader, and SHADOWLADDER, first came to light in September 2023. Attack chains involving the malware loader typically involve tricking users into downloading a booby-trapped binary under the guise of pirated software or movies. Recent variations of these campaigns have been found to direct users to fake CAPTCHA pages that urge site visitors to prove they are human by copying and running an encoded PowerShell command that drops the malicious payload in the form of a ZIP archive. HarfangLab said it observed three different versions of the PowerShell script starting mid-September 2024 - A PowerShell script ...

The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments. NetSupport RAT Exploiting the ClickFix Technique In early 2025, threat actors began exploiting a technique known as ClickFix to distribute the NetSupport Remote Access Trojan (RAT).  This method involves injecting fake CAPTCHA pages into compromised websites, prompting users to execute malicious PowerShell commands that download and run the NetSupport RAT.  Once installed, this RAT grants attackers full control over the victim's system, allowing activities such as real-time screen monitoring, file manipulation, and execution of arbitrary commands. Main technical characteristics of NetSupport RAT Attackers can view and control the victim’s screen in real time. Uploads, downloads, m...