ALL POSTS
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Key Findings
- Multi-stage malware campaign codenamed VOID#GEIST delivers various remote access trojan (RAT) payloads, including XWorm, AsyncRAT, and Xeno RAT
- Malware utilizes obfuscated batch scripts as a pathway to deploy and execute encrypted shellcode payloads
- Leverages legitimate embedded Python runtime for portability, reliability, and stealth
- Employs fileless execution mechanisms and memory injection techniques to evade detection
Background
Cybersecurity researchers have
Mar 7 · 2 min read
Hackers Exploit Excel to Hide XWorm 7.2 in JPEG, Hijacking PCs
Background
The XWorm malware has been around since 2022, but the latest version 7.2 surfaced on Telegram marketplaces in late 2025 and early 2026. Attackers are using social engineering tactics to lure victims into opening malicious Excel attachments in emails disguised as business communications.
Technical Details
The Excel file exploits an old vulnerability (CVE-2018-0802) to run a hidden script (HTA file) that downloads what appears to be a normal JPEG image. However, the
Feb 23 · 2 min read
