Xworm-5.6-main.zip
The core XWorm malware is built to infect Windows systems. However, if a macOS or Linux system has software that runs Windows executables (such as WINE or a virtual machine), there is a theoretical risk. The primary delivery methods (phishing emails, malicious downloads) also work on any operating system, so these systems can still act as a vector that passes the malware on to Windows users.
XWorm-5.6 records every keystroke, including passwords, usernames, and credit card numbers, which are then exfiltrated to the attacker.
While v5.6 laid the groundwork, the threat landscape has since evolved. Newer versions (6.0, 6.4, 6.5) have emerged, boasting over 35 plugins, including features like the "modified r77 rootkit installation" for stealth and deeper system hooking.
It can automatically extract saved passwords from browsers (Chrome, Firefox, Edge) and sessions from apps like Discord or Telegram.
A graphical user interface (GUI) application that allows the attacker to configure a customized malicious payload. The attacker can specify command-and-control (C2) server IP addresses, custom port numbers, persistence methods, and encryption keys.
