
Researcher Exposes XWorm Malware’s C2 Communication

DUBAI, UNITED ARAB EMIRATES, November 27, 2023 /EINPresswire.com/ -- ANY.RUN, a leading malware analysis sandbox provider, has published a research article by Igal Lytzki (0xToxin on Twitter) in its blog, detailing the inner workings of the XWorm malware, a Remote Access Trojan (RAT) targeting Windows systems. The analysis delves into the communication between the XWorm server and infected clients, revealing the malware's data theft and remote-control capabilities.

๐ƒ๐ž๐œ๐ซ๐ฒ๐ฉ๐ญ๐ข๐ง๐  ๐—๐–๐จ๐ซ๐ฆ'๐ฌ ๐’๐ž๐œ๐ฎ๐ซ๐ž๐ ๐‚๐จ๐ฆ๐ฆ๐ฎ๐ง๐ข๐œ๐š๐ญ๐ข๐จ๐ง

The research found that XWorm uses AES-ECB encryption to communicate with its command-and-control (C2) server.

By decrypting this data, Lytzki was able to analyze the information exchanged between the malware and its server. This revealed that the malware collects sensitive information such as username, machine name, OS version, webcam presence, CPU and GPU details, installed antivirus software, and more.

๐”๐ง๐œ๐จ๐ฏ๐ž๐ซ๐ข๐ง๐  ๐—๐–๐จ๐ซ๐ฆ'๐ฌ ๐‘๐ž๐ฆ๐จ๐ญ๐ž ๐‚๐จ๐ง๐ญ๐ซ๐จ๐ฅ ๐…๐ž๐š๐ญ๐ฎ๐ซ๐ž๐ฌ

The researcher also discovered two plugins that can be activated through remote control of infected systems:

• Info stealer plugin: This plugin steals sensitive data, including credit card information, Chromium cookies, Discord tokens, FileZilla credentials, browser data, browser history, WiFi passwords, MetaMask data, and Telegram data.

• Commands plugin: This plugin enables attackers to execute various malicious actions, such as disabling or terminating Windows Defender, excluding paths from Windows Defender scans, installing the .NET framework, and blanking the screen.

๐”๐ญ๐ข๐ฅ๐ข๐ณ๐ข๐ง๐  ๐๐ž๐ฐ ๐ˆ๐ง๐ฌ๐ข๐ ๐ก๐ญ๐ฌ ๐Ÿ๐จ๐ซ ๐—๐–๐จ๐ซ๐ฆ ๐ƒ๐ž๐ญ๐ž๐œ๐ญ๐ข๐จ๐ง

The information gathered during the research has been integrated into the ANY.RUN sandbox, improving its detection capabilities.

Learn more in ANY.RUN’s blog.

Vlada Belousova
ANYRUN FZCO
2027889264
