While not new to RATs, v31 updates its targeting list. It now monitors the clipboard for regex patterns matching:
Be wary of .exe files disguised as images or PDFs. You can see technical teardowns of these files on YouTube and LinkedIn . xworm v31 updated
The ability to run code directly in RAM without saving files to the hard drive, making it nearly invisible to traditional antivirus. Shape-Shifting: While not new to RATs, v31 updates its targeting list
: It can disable User Account Control (UAC) prompts, allowing it to run with administrative privileges without alerting the user. Service Manipulation The ability to run code directly in RAM
Sold on darknet forums and Telegram. Lifetime subscriptions average around $500 , though cracked versions of v3.1 are frequently leaked for free. Key Capabilities (v3.1)
XWorm is a sophisticated Remote Access Trojan first identified in 2022. It is typically sold as a on darknet forums and Telegram. The v3.1 update marked a shift toward a more versatile, plugin-based system, allowing threat actors to customize the malware with over 35 distinct modules depending on their goals—be it data theft, surveillance, or ransomware deployment. Key Features & Capabilities