An obfuscated batch script has remained fully undetected on VirusTotal for at least two days. According to the VMRay post shared on X, the batch script uses a combination of obfuscation and automation to bypass detection. For example, the PowerShell loader is hidden within multiple layers of encoding, which makes it difficult for static analysis tools to detect the malicious activity; this functionality is achieved using PowerShell commands embedded within the batch file. Additionally, the script captures a screenshot of the victim's system and sends it to the attacker via Telegram.

The script's coding style suggests it may have been generated using AI tools such as ChatGPT or Claude, adding a further layer of complexity for analysts attempting to trace its origins.

XWorm achieves persistence by modifying registry entries and bypasses Windows Defender using techniques such as disabling AMSI (Antimalware Scan Interface). It can steal sensitive data (e.g., login credentials), deploy ransomware, launch Distributed Denial-of-Service (DDoS) attacks, monitor webcams and keystrokes, spread via USB drives and execute commands remotely.

AsyncRAT uses process hollowing to inject itself into legitimate processes, further evading detection. Its features include screen viewing/recording, keylogging, file upload/download, command execution and disabling security software.

The campaign highlights the growing threat posed by stealthy malware loaders that evade traditional antivirus solutions.
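As an added illustration of the layered-encoding problem described above, the following Python triage helper peels nested base64 layers of the kind used to hide a PowerShell loader inside a batch file and reports which of the reported behaviours (AMSI tampering, Run-key persistence, Telegram exfiltration, encoded PowerShell) only become visible after decoding. It is written for this page, not code from VMRay or the original post; the indicator patterns, the function names and the harmless constructed sample are all assumptions.

```python
import base64
import re

# Indicator patterns for the behaviours the article reports (constructed here, not VMRay's detection logic).
INDICATORS = {
    "amsi_tamper": re.compile(r"amsi", re.I),
    "telegram_exfil": re.compile(r"api\.telegram\.org", re.I),
    "run_key_persistence": re.compile(r"currentversion\\run", re.I),
    "encoded_powershell": re.compile(r"-enc(odedcommand)?\b|frombase64string", re.I),
}
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # only long base64-looking runs are candidates

def _try_decode(token):
    """Decode one base64 run as UTF-8 or UTF-16LE (PowerShell -EncodedCommand); None if it is not text."""
    try:
        raw = base64.b64decode(token, validate=True)
    except Exception:
        return None
    for enc in ("utf-8", "utf-16-le"):  # UTF-8 first: UTF-16LE bytes contain NULs and fail the check below
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
            return text
    return None

def unwrap_layers(script, max_depth=8):
    """Peel nested encoding layers; returns the decoded layers, outermost first."""
    layers, current = [], script
    for _ in range(max_depth):
        candidates = (m.group(0) for m in B64_TOKEN.finditer(current))
        decoded = next((d for d in map(_try_decode, candidates) if d), None)
        if decoded is None:
            break
        layers.append(decoded)
        current = decoded
    return layers

def triage(script):
    """Layer count plus indicators found in any layer; blobs are masked so only decoded text is matched."""
    layers = unwrap_layers(script)
    texts = [B64_TOKEN.sub(" ", t) for t in (script, *layers)]
    hits = sorted(n for n, rx in INDICATORS.items() if any(rx.search(t) for t in texts))
    return {"layers": len(layers), "indicators": hits}

def build_constructed_sample():
    """Harmless stand-in: batch -> base64(UTF-8) -> 'powershell -EncodedCommand' -> base64(UTF-16LE) -> inert script."""
    inner = ("$k = 'HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run'  # referenced only, never written\n"
             "$u = 'https://api.telegram.org/bot<TOKEN>/sendPhoto'  # placeholder, nothing is sent\n"
             "Write-Output 'constructed sample'")
    layer1 = "powershell -NoProfile -EncodedCommand " + base64.b64encode(inner.encode("utf-16-le")).decode()
    return '@echo off\nset "blob=' + base64.b64encode(layer1.encode("utf-8")).decode() + '"\n'

if __name__ == "__main__":
    print(triage(build_constructed_sample()))
```

A scanner that only reads layer 0 sees a batch file with one opaque blob; the indicators appear two layers down, which is the gap the article's "multiple layers of encoding" exploits.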
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 26 Feb 2025 08:35:16 +0000