Security News > 2023 > May > XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems.
Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany.
"The attack campaign has been leveraging rather unusual meme-filled PowerShell code, followed by a heavily obfuscated XWorm payload to infect its victims," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new analysis shared with The Hacker News.
The report builds on recent findings from Elastic Security Labs, which revealed the threat actor's reservation-themed lures to deceive victims into opening malicious documents capable of delivering XWorm and Agent Tesla payloads.
The attacks begin with phishing attacks to distribute decoy Microsoft Word documents that, instead of using macros, weaponize the Follina vulnerability to drop an obfuscated PowerShell script.
The malware is also a Swiss Army knife in that it can perform clipper, DDoS, and ransomware operations, spread via USB, and drop additional malware.
News URL
https://thehackernews.com/2023/05/xworm-malware-exploits-follina.html
Related news
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability (source)
- Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (source)
- New BunnyLoader Malware Variant Surfaces with Modular Attack Features (source)