: Gathers detailed hardware info, OS version, and user account details to send back to a Command and Control (C&C) server.
Includes features for screen recording, microphone access, and file management. xworm 3.1
: Actively monitors running processes and reports system details (e.g., OS version) back to its Command & Control (C&C) server. Remote Control and Execution C&C Communication : Gathers detailed hardware info, OS version, and
The distribution methods for XWorm 3.1 frequently involve sophisticated phishing campaigns. Attackers often utilize malicious email attachments or links to compromised websites that host "crypters"—tools used to wrap the malware in a protective layer of code to hide its true intent. Once executed, XWorm 3.1 employs several persistence mechanisms, such as modifying the Windows Registry or creating scheduled tasks, to ensure it remains active even after a system reboot. Its communication with the Command and Control server is typically encrypted, making it difficult for network administrators to detect the exfiltration of sensitive data. Its communication with the Command and Control server