Security News > 2023 > May > XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems.
Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany.
"The attack campaign has been leveraging rather unusual meme-filled PowerShell code, followed by a heavily obfuscated XWorm payload to infect its victims," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new analysis shared with The Hacker News.
The report builds on recent findings from Elastic Security Labs, which revealed the threat actor's reservation-themed lures to deceive victims into opening malicious documents capable of delivering XWorm and Agent Tesla payloads.
The attacks begin with phishing attacks to distribute decoy Microsoft Word documents that, instead of using macros, weaponize the Follina vulnerability to drop an obfuscated PowerShell script.
The malware is also a Swiss Army knife in that it can perform clipper, DDoS, and ransomware operations, spread via USB, and drop additional malware.
News URL
https://thehackernews.com/2023/05/xworm-malware-exploits-follina.html
Related news
- Chinese hackers use new data theft malware in govt attacks (source)
- New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (source)
- New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (source)