XWorm 3.1 is a sophisticated Remote Access Trojan (RAT) distributed via malicious PDFs and cracked software that grants attackers full control over a victim’s machine, including capabilities for fileless execution and DDoS attacks. The malware achieves persistence through Windows Registry manipulation, bypasses UAC, and evades detection by checking for antivirus software. Read the full analysis at Malicious PDF delivering Xworm 3.1 payload - SonicWall
XWorm 3.1 represents a refined build focusing on three primary goals: stealth, persistence, and destructive capability. xworm 3.1
Improve reliability with transactional queue XWorm 3
As of late 2025, XWorm 3.1 remains in active circulation, but its source code has been leaked multiple times, leading to fragmented "custom builds." The original author(s) likely shifted to a new project, but variants like XWorm RAT v3.2 (unofficial) and DiamondRAT (a rebrand) are emerging. Experimental Evaluation
9
Xworm 3.1 is a malicious Remote Access Trojan (RAT) designed to gain unauthorized, full control over infected systems. It is commonly distributed through phishing emails containing malicious PDF attachments or by abusing legitimate Windows tools like the Software Licensing Management Tool (slmgr.vbs). Core Capabilities
XWorm 3.1 communicates with the Command and Control (C2) server via TCP or WebSocket on custom ports (often configurable, e.g., 4000, 5000).