Security News > 2023 > May > XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks

XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
2023-05-12 21:00

Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems.

Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany.

"The attack campaign has been leveraging rather unusual meme-filled PowerShell code, followed by a heavily obfuscated XWorm payload to infect its victims," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new analysis shared with The Hacker News.

The report builds on recent findings from Elastic Security Labs, which revealed the threat actor's reservation-themed lures to deceive victims into opening malicious documents capable of delivering XWorm and Agent Tesla payloads.

The attacks begin with phishing attacks to distribute decoy Microsoft Word documents that, instead of using macros, weaponize the Follina vulnerability to drop an obfuscated PowerShell script.

The malware is also a Swiss Army knife in that it can perform clipper, DDoS, and ransomware operations, spread via USB, and drop additional malware.


News URL

https://thehackernews.com/2023/05/xworm-malware-exploits-follina.html