New Variant Of XWorm Delivered Via Windows Script File

It executes a wide range of commands, including system manipulation (shutdown, restart, logoff), file operations, and remote code execution via PowerShell. This diverse toolkit gives the operators extensive access to and control over compromised systems, which makes XWorm a significant threat in today's cybersecurity ecosystem. These techniques enable XWorm to access sensitive information, gain remote access, and deploy additional malware while evading detection. It communicates with its command and control (C2) server over TCP sockets, encrypting traffic with AES in ECB mode using a modified MD5 hash as the key. XWorm captures screenshots using the CopyFromScreen function and stores them as JPEG images in memory before transmission. New features in v5.6 include the ability to remove plugins and a "Pong" command for reporting response time.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Oct 2024 15:06:24 +0000


Cyber News related to New Variant Of XWorm Delivered Via Windows Script File

CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
4 years ago
XWorm - The Most Active RAT Uses New Stagers and Loaders to Bypass Defenses - This sophisticated malware has evolved far beyond traditional RAT capabilities, incorporating advanced features including keylogging, remote desktop access, data exfiltration, and command execution that make it particularly attractive to threat ...
6 months ago Cybersecuritynews.com LockBit
New Xworm V6 Variant Injects Malicious Code - The cybersecurity landscape has witnessed the emergence of a new variant of the Xworm malware, dubbed Xworm V6, which is capable of injecting malicious code into targeted systems. This variant represents an evolution in the malware's capabilities, ...
3 months ago Cybersecuritynews.com
New XWorm V6 Variant’s With Anti-Analysis Capabilities Attacking Windows Users in The Wild - This protection mechanism, combined with its registry-based persistence and memory-only execution, creates a formidable challenge for both automated security tools and manual incident response efforts, highlighting the continued evolution of modern ...
5 months ago Cybersecuritynews.com
New Variant Of XWorm Delivered Via Windows Script File - It executes a wide range of commands like “system manipulation” (‘shutdown,’ ‘restart,’ ‘logoff’), “file operations,” and “remote code execution” via PowerShell. This diverse ...
1 year ago Cybersecuritynews.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
2 years ago Techrepublic.com
CVE-2009-3874 - Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary ...
7 years ago
Face Off: US Election Debate Sparks New Wave of Crypto-Doubling Scams | Netcraft - The page features Elon Musk’s Tesla logo instead of Trump’s campaign logo, demonstrating how criminals tailor their content to appeal to different audiences, i.e., politically engaged vs cryptocurrency minded. The perpetrators of these scams ...
1 year ago Netcraft.com
Xworm malware resurfaces with ransomware module, over 35 plugins - The Xworm malware has made a significant comeback, now equipped with a ransomware module and boasting over 35 plugins. This resurgence marks a notable evolution in the malware's capabilities, making it a more formidable threat to cybersecurity. ...
3 months ago Bleepingcomputer.com
Cops dismantled LockBit before latest variant hit market The Register - Law enforcement's disruption of the LockBit ransomware crew comes as the criminal group was working on bringing a brand-new variant to market, research reveals. As part of the daily LockBit leaks this week, Trend Micro's report on the group, ...
1 year ago Go.theregister.com LockBit
Beware! Fake AI Video Generation Platforms Drop Stealer Malware on Your Computers - These fraudulent sites, amplified through viral social media campaigns and Facebook groups with tens of thousands of views, lure users into uploading personal media, only to deliver a previously undocumented malware dubbed Noodlophile Stealer. ...
8 months ago Cybersecuritynews.com
New Variant of macOS Threat XCSSET Spotted in the Wild - To avoid downloading Xcode projects infected with XCSSET, Microsoft recommends that developers and users "always inspect and verify any Xcode projects downloaded or cloned from repositories" that potentially will spread the malware. ...
11 months ago Darkreading.com
Gunra Ransomware New Linux Variant Runs Up To 100 Encryption Threads With New Partial Encryption Feature - The ransomware, which drew inspiration from the notorious Conti ransomware techniques, has rapidly expanded its operational scope beyond Windows systems to target Linux environments, demonstrating the group’s strategic evolution toward ...
5 months ago Cybersecuritynews.com
'HeadCrab' Malware Variants Commandeer Thousands of Servers - BLACK HAT EUROPE 2023 - London - The HeadCrab malware, which adds infected devices to a botnet for use in cryptomining and other attacks, has resurfaced with a shiny new variant that allows root access to Redis open source servers. Researchers from ...
2 years ago Darkreading.com
Windows 11 24H2 now rolling out, here are the new features - Version 24H2 is now also accessible via Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Microsoft 365 admin center. Microsoft suggests that businesses start targeted rollouts to ensure ...
1 year ago Bleepingcomputer.com
See How Our Cloud-Delivered Security Services Provide 357% ROI - Investing in Palo Alto Networks Cloud-Delivered Security Services provided a 357% return on investment and net present value of $10.04 million over 3 years, along with a 6-month payback period, according to a recently released Forrester Consulting ...
1 year ago Paloaltonetworks.com
STOP ransomware, more common than LockBit, gains stealthier variant - StopCrypt, the most common ransomware family of 2023, has a new variant leveraging more advanced evasion tactics. StopCrypt, also known as STOP/DJVU, surpassed the LockBit ransomware family in detections in 2023, according to Trend Micro's 2023 ...
1 year ago Packetstormsecurity.com LockBit
Microsoft spots XCSSET macOS malware variant used for crypto theft - A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. XCSSET then creates a malicious Launchpad application with ...
11 months ago Bleepingcomputer.com
Rust-Based Botnet P2Pinfect Targets MIPS Architecture - The cross-platform botnet known as P2Pinfect has been observed taking a significant leap in sophistication. Since its emergence in July 2023, this Rust-based malware has been on the radar for its rapid expansion, according to a new advisory published ...
2 years ago Infosecurity-magazine.com
CVE-2021-25668 - A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P ...
3 years ago
CVE-2021-25669 - A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P ...
3 years ago
U.S. Joins U.K. to Seize LockBit Site, Disrupt Massive Ransomware Variant - The U.S. Department of Justice has partnered with the United Kingdom and international law enforcement partners in London today to announce the disruption of the LockBit ransomware group. The LockBit ransomware group is one of the most active ...
1 year ago Americansecuritytoday.com LockBit
Fully Undetected Batch Script Leverages PowerShell & Visual Basic to Drop XWorm - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. It can steal sensitive data (e.g., login credentials), deploy ransomware, launch Distributed Denial-of-Service (DDoS) attacks, ...
11 months ago Cybersecuritynews.com
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets - A new variant of the infamous "Gh0st RAT" malware has been identified in recent attacks targeting South Koreans and the Ministry of Foreign Affairs in Uzbekistan. The Chinese group "C.Rufus Security Team" first released Gh0st RAT on the open Web in ...
2 years ago Darkreading.com