XWorm V6: Exploring Pivotal Plugins
Essential information
- Published: 06/10/2025 18:58
- Modified: 06/10/2025 19:17
- Tags: 2025-10-06 amsi bypass file manager javascript phishing powershell rat remote desktop xworm
- Related entities: 22 observables, 1 intrusion sets (apt), 10 techniques (mitre), 1 malware
Description
Since the release of XWorm V6.0 on June 4, 2025, we have noted a surge in samples identified as XWorm V6.0 on VirusTotal, reflecting its rapid adoption by threat actors. One prominent campaign illustrates its delivery: a malicious JavaScript (JS) file initiates a PowerShell (PS1) script, which deploys an injector to deliver the XWorm Client.