Background The XWorm malware has been around since 2022, but the latest version 7.2 surfaced on Telegram marketplaces in late 2025 and early 2026. Attackers are using social engineering tactics to lure victims into opening malicious Excel attachments in emails disguised as business communications. Technical Details The Excel file exploits an old vulnerability (CVE-2018-0802) to run a hidden script (HTA file) that downloads what appears to be a normal JPEG image. However, the
