XWorm v3.1 Updated
XWorm version 3.1 is a sophisticated, .NET-based Remote Access Trojan (RAT) utilizing phishing, HTA files, and process hollowing to maintain stealthy, modular control over Windows systems. It employs advanced obfuscation and C2 communication via AES-encrypted packets, with capabilities including ransomware and cryptocurrency theft. For a deep dive into the code and infection mechanics, visit Fortinet.
Since the 3.1 update, XWorm has undergone several major iterations, with the most recent versions reaching v7.2 by February 2026.
It is capable of gathering private files, hijacking Telegram and MetaMask accounts, and stealing browser credentials.
Recent campaigns often involve phishing emails with malicious Excel attachments (exploiting CVE-2018-0802) that execute fileless .NET modules directly in memory to avoid detection.
Crypto Hijacking: Capability to monitor the clipboard and replace cryptocurrency addresses with those belonging to the attacker.
Data Theft: Features like screen recording, a keylogger, and the ability to capture screenshots.