XWorm
What is XWorm?
A modular .NET remote-access trojan that emerged in 2022 and became one of the most distributed commodity RATs of 2024–2025, sold openly to low-skill operators and shipped via every common phishing and loader vector.
XWorm is a .NET-based remote-access trojan and stealer that first appeared in 2022 and has since become one of the most distributed commodity RATs, peaking through 2024–2025. It is sold on Telegram and forums to a low-skill operator base, which is reflected in its capability set: a builder GUI lets affiliates configure clipboard hijacking (crypto-wallet replacement), keystroke logging, screen capture, credential theft from major browsers and mail clients, hidden remote desktop (HVNC), webcam capture, file transfer, command shell, and a small plug-in loader for follow-on payloads. Some XWorm builds include worm-like spreading via USB drives and Discord-token theft. Distribution leverages phishing, SmokeLoader/PrivateLoader chains, malvertising, fake-update lures, and trojanized cracks. XWorm shares lineage and code with other commodity .NET families (NanoCore, Quasar, AsyncRAT) and is often used as the second-stage payload after loaders such as GuLoader, SmokeLoader, or DBatLoader. EDR detections target its typical C2 patterns (custom TCP protocol over TLS to operator-chosen ports) and its installation footprint in `%AppData%` with scheduled-task persistence.
● Examples
- 01
A phishing email with a 'shipment notice' lure delivers a GuLoader stage that decodes and launches XWorm, which then drops a clipboard-replacer plug-in.
- 02
A 2024 campaign abuses CVE-2024-21412 (a Windows SmartScreen bypass) to drop XWorm without a SmartScreen warning.
● Frequently asked questions
What is XWorm?
A modular .NET remote-access trojan that emerged in 2022 and became one of the most distributed commodity RATs of 2024–2025, sold openly to low-skill operators and shipped via every common phishing and loader vector. It belongs to the malware category of cybersecurity.
What does XWorm mean?
A modular .NET remote-access trojan that emerged in 2022 and became one of the most distributed commodity RATs of 2024–2025, sold openly to low-skill operators and shipped via every common phishing and loader vector.
How does XWorm work?
XWorm is a .NET-based remote-access trojan and stealer that first appeared in 2022 and has since become one of the most distributed commodity RATs, peaking through 2024–2025. It is sold on Telegram and forums to a low-skill operator base, which is reflected in its capability set: a builder GUI lets affiliates configure clipboard hijacking (crypto-wallet replacement), keystroke logging, screen capture, credential theft from major browsers and mail clients, hidden remote desktop (HVNC), webcam capture, file transfer, command shell, and a small plug-in loader for follow-on payloads. Some XWorm builds include worm-like spreading via USB drives and Discord-token theft. Distribution leverages phishing, SmokeLoader/PrivateLoader chains, malvertising, fake-update lures, and trojanized cracks. XWorm shares lineage and code with other commodity .NET families (NanoCore, Quasar, AsyncRAT) and is often used as the second-stage payload after loaders such as GuLoader, SmokeLoader, or DBatLoader. EDR detections target its typical C2 patterns (custom TCP protocol over TLS to operator-chosen ports) and its installation footprint in `%AppData%` with scheduled-task persistence.
How do you defend against XWorm?
Defense against XWorm typically combines technical controls and operational practices, as described in the definition above.
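A triage check for the footprint named in the definition (an install under `%AppData%` with scheduled-task persistence), added here as an example and not taken from the original page or any vendor's detection logic: it parses Task Scheduler XML definitions and returns the Exec actions that reference a per-user AppData path. The sample tasks and file names are constructed placeholders; legitimate per-user software also matches, so hits are leads for review.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the Task Scheduler XML schema (as produced by `schtasks /query /xml`).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# %AppData% / %LocalAppData%, or the expanded per-user Roaming/Local path.
APPDATA_RE = re.compile(
    r"(?:%(?:local)?appdata%|[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local))\\",
    re.IGNORECASE,
)

def appdata_task_actions(task_xml):
    """Return the Exec actions of one task definition that reference AppData."""
    root = ET.fromstring(task_xml)
    triggers = [el.tag.split("}")[-1] for el in root.findall("t:Triggers/*", NS)]
    hits = []
    for action in root.findall("t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", default="", namespaces=NS).strip()
        arguments = action.findtext("t:Arguments", default="", namespaces=NS).strip()
        # Check arguments too: the binary may be started through cmd.exe or powershell.exe.
        if APPDATA_RE.search(command + " " + arguments):
            hits.append({"command": command, "arguments": arguments, "triggers": triggers})
    return hits

# Constructed sample definitions (paths and file names are placeholders, not indicators).
TASK_DIRECT = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><StartBoundary>2024-01-01T00:00:00</StartBoundary></TimeTrigger></Triggers>
  <Actions><Exec><Command>"C:\Users\alice\AppData\Roaming\placeholder.exe"</Command></Exec></Actions>
</Task>"""

TASK_WRAPPED = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec><Command>cmd.exe</Command>
    <Arguments>/c start "" %AppData%\placeholder.exe</Arguments></Exec></Actions>
</Task>"""

TASK_BENIGN = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Actions><Exec><Command>%windir%\system32\defrag.exe</Command>
    <Arguments>-c -h</Arguments></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for name, xml_text in [("direct", TASK_DIRECT), ("wrapped", TASK_WRAPPED), ("benign", TASK_BENIGN)]:
        print(name, appdata_task_actions(xml_text))
```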
What are other names for XWorm?
Common aliases: X-Worm, XWorm RAT.
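● Related terms
- malware № 1023
Remote access trojan (RAT)
Malware that lets an attacker covertly and interactively operate an infected device; similar to a hidden remote administration tool.
- malware № 1299
Trojan horse
Malware that poses as a legitimate program to get the user to run it, then triggers the malicious payload hidden inside.
- malware № 591
Infostealer
Malware that collects sensitive data such as credentials, cookies, tokens, and cryptocurrency wallets from an infected device and exfiltrates it to the attacker.
- attacks № 1191
Spear phishing
A targeted phishing attack tailored to a specific individual or organization, based on personal or business information gathered in advance.
- malware № 721
Malware
A general term for software intentionally created to disrupt or destroy computers, networks, or data, or to gain unauthorized access to them.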
- attacks № 199
ClickFix Attack
A 2024-vintage social-engineering lure that displays a fake CAPTCHA, error dialog, or 'verify you're human' page instructing the victim to paste a pre-copied PowerShell command into Run, delivering info-stealers or loaders.