• This infamous ransomware has returned, and it's more dangerous th

    From TechnologyDaily@1337:1/100 to All on Tuesday, October 07, 2025 16:30:08
    This infamous ransomware has returned, and it's more dangerous than ever

    Date:
    Tue, 07 Oct 2025 15:14:00 +0000

    Description:
    After lying dormant for a year, XWorm is back, and more dangerous than ever before.

    FULL STORY ======================================================================
    XWorm resurfaces with versions 6.0-6.5, now maintained by alias XCoderTools
    Malware includes RAT, ransomware, data theft, DoS, and over 35 modular plugins
    Trellix reports rising VirusTotal samples; phishing remains key propagation method

    XWorm, the infamous backdoor malware used to wreak havoc several years ago, has apparently returned after a year-long sabbatical.

    Security researchers found three new versions, 6.0, 6.4, and 6.5, which have surfaced on the dark web, with multiple threat actors using them in their campaigns.

    XWorm was built and maintained by a threat actor named XCoder, back in 2022. They used to share details and updates on Telegram, before going dark. The last version of the malware was XWorm 5.6, which apparently was vulnerable to remote code execution.

    Numerous capabilities

    It is not known if the original developer is back, or if the tool was picked up by a separate threat actor. In any case, the alias maintaining it now is XCoderTools.

    The malware itself now comes with numerous new capabilities, as well as a modular design.

    Its primary feature, to work as a remote access trojan (RAT), is still there. It also comes with a ransomware module, the ability to steal sensitive information from compromised devices, monitor the clipboard, log keystrokes, and capture screens.

    It can execute arbitrary commands on the infected system, manage files, pull OS details, and launch denial-of-service (DoS) attacks.

    In total, more than 35 plugins enable tailored functionality, depending on
    the target, making XWorm a highly versatile and dangerous malware.

    XCoderTools advertises the tool to cybercriminals for a $500 lifetime subscription, further stressing that the RCE vulnerability has been addressed.

    It seems to be working, too, since security researchers at Trellix saw an uptick in XWorm samples being uploaded to VirusTotal.

    The best way for businesses to defend against new XWorm attacks is to go for
    a multi-layered security approach that can respond to attacks even after compromise. Training staff on the dangers of phishing can help, too, since
    the worm is mostly propagated through email.

    Via BleepingComputer




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-infamous-ransomware-has-returned-and-its-more-dangerous-than-ever


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)