XWorm 3.1 [repack]
Distributing malicious PDF documents, ISO files, or Office documents containing macros that download the payload.
Unexpected pop-up windows or command prompt shells appearing and closing quickly. Security software being unexpectedly disabled.
Protective Measures
As of early 2026, XWorm 3.1 is actively distributed via highly tailored, .
Utilizing ISO, VHD, or ZIP archives containing malicious LNK files or heavy loaders.
XWorm 3.1 communicates with the Command and Control (C2) server via TCP or WebSocket on custom ports (often configurable, e.g., 4000, 5000).
The HTTP POST request structure:
Train employees to recognize and report suspicious phishing emails.