011 - Decoding XWorm: Communication via Telegram and Retrieval of New Variant

2025-04-23 — 4 min read

In this article, we explore how XWorm reports back to its operators and how it retrieves new variants of itself.

010 - Decoding XWorm: Keylogger and Cryptocurrency Capture

2025-04-09 — 8 min read

In this article, we explore how XWorm intercepts cryptocurrency transactions intended for other wallets, as well as its ability to capture keystrokes from its victim through keylogging.

Read more →

009 - Decoding XWorm: Lateral Movement

2025-02-18 — 8 min read

In this article, we explore how XWorm uses USBs to spread to other machines.

Read more →

008 - Decoding XWorm: Defense Evasion and Persistence

2025-01-22 — 5 min read

In this article, we explore how XWorm evades defenses and establish persistence.

Read more →

007 - Decoding XWorm: Initial Exploration and Anti-Analysis Techniques

2025-01-14 — 8 min read

In this article, we explore how XWorm employs obfuscation, encryption, and anti-analysis techniques to evade detection.

Read more →

011 - Decoding XWorm: Communication via Telegram and Retrieval of New Variant

010 - Decoding XWorm: Keylogger and Cryptocurrency Capture

009 - Decoding XWorm: Lateral Movement

008 - Decoding XWorm: Defense Evasion and Persistence

007 - Decoding XWorm: Initial Exploration and Anti-Analysis Techniques

Subscribe to Threat Anatomy