Remote Access Trojan

XWorm

First seen: 2022-07 • Status: active

Currently Active Threat

XWorm is a modular hacking tool that can be customized with plugins. It steals passwords, logs keystrokes, and can steal cryptocurrency.

Overview

XWorm is a .NET-based RAT sold on underground forums. It features modular plugins for credential stealing, keylogging, and cryptocurrency theft.

Also Known As

X-Worm

How It Spreads

  • Phishing emails
  • Malicious documents
  • Discord malware

What It Does

  • Remote access
  • Keylogging
  • Credential theft
  • Cryptocurrency stealing

Is your business exposed?

Target Platforms

Windows

Detection Tips

  • Monitor .NET processes
  • Watch for known XWorm signatures

MITRE ATT&CK Techniques

T1056, T1555, T1005

If You're Infected

  1. 1.

    Run malware scan

  2. 2.

    Change all credentials

Related Malware

Asyncrat, Njrat

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices