Backdoor.XWorm

ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.

Short bio

Backdoor.XWorm is Malwarebytes' detection name for a family of Remote Access Trojans (RATs) capable of stealing data, spying on the user, and installing additional malware, including ransomware. Backdoor.XWorm acts as a keylogger, can replace cryptocurrency addresses in the clipboard, and has advanced anti-analysis and anti-sandbox features that help it avoid detection.

Type of infection

Backdoor.XWorm was initially sold as Malware-as-a-Service: the cybercriminals who built it rented the RAT and its infrastructure to other criminals, who distributed it as they saw fit. The code was later leaked, so how it is spread and to what end it is used now depends very much on the group deploying it.

Malicious behavior

Backdoor.XWorm usually runs silently in the background and may give the user no indication of infection. It may also add itself to Microsoft Defender's exclusions and disable other Microsoft Windows security features.
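Because the RAT is described as adding itself to Defender's exclusions and switching off protection features, the first thing a responder wants is a quick audit of exactly those settings. The PowerShell below is an added example written for this page, not code from ThreatDown or Malwarebytes, and not a detection signature for XWorm. It uses only the built-in Defender cmdlets (Get-MpPreference, Get-MpComputerStatus) and the Defender Operational event log, where every configuration change is recorded as Event ID 5007. The list of "suspicious" path fragments and the regular expression over the event text are assumptions chosen for illustration; adjust them to your environment.

```powershell
# Added example: audit Microsoft Defender for the kind of tampering described above
# (self-added exclusions, disabled protection). Run in an elevated PowerShell session.
# Not part of the ThreatDown/Malwarebytes page; pattern lists below are assumptions.

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# 1. Dump every exclusion. Paths under user-writable locations, or bare process
#    names rather than full paths, deserve a second look. (Assumed pattern list.)
$suspiciousRoots = @('\AppData\', '\Temp\', '\Users\Public\', '\ProgramData\')
foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($item in $pref.$kind) {
        $hit  = $suspiciousRoots | Where-Object { $item -like "*$_*" }
        $flag = if ($hit) { 'REVIEW' } else { '' }
        '{0,-18} {1,-6} {2}' -f $kind, $flag, $item
    }
}

# 2. Protection switches that malware commonly flips. Real-time protection that is
#    off while tamper protection is also off is the combination to worry about.
[pscustomobject]@{
    RealTimeProtection  = $status.RealTimeProtectionEnabled
    BehaviorMonitoring  = $status.BehaviorMonitorEnabled
    TamperProtection    = $status.IsTamperProtected
    AntivirusEnabled    = $status.AntivirusEnabled
    RTDisabledByPref    = $pref.DisableRealtimeMonitoring
    CloudBlockLevel     = $pref.CloudBlockLevel
} | Format-List

# 3. When did the configuration change, and to what? Defender writes Event ID 5007
#    ("configuration has changed") with the old and new registry values in the
#    message body. The regex is an assumption about that message text.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = (Get-Date).AddDays(-30)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions|DisableRealtimeMonitoring|DisableBehaviorMonitoring' } |
    Select-Object TimeCreated,
        @{ n = 'Change'; e = { ($_.Message -split "`r?`n" | Where-Object { $_ -match 'value' }) -join ' | ' } } |
    Format-Table -AutoSize -Wrap
```

Treat the output as evidence about the host, not as a clean bill of health: if tamper protection was already off, an operator with SYSTEM privileges could also have cleared the Defender log, so an empty result for step 3 proves little, while an exclusion you did not add is a strong signal that the machine should be taken off the network as described under Aftermath.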

Aftermath

If you find that your Windows machine has been infected with Backdoor.XWorm, the safest course is to disconnect the machine from the network and the internet, back up your documents and images (no software), change all your passwords from a clean device (the RAT is a keylogger, so passwords typed on the infected machine are exposed), and re-install Windows from scratch. You may be able to remove Backdoor.XWorm, but the operator may have added more malware to the mix and made other configuration changes.

Protection

Malwarebytes blocks the installation of Backdoor.XWorm, and detects and removes it where it is already present.

Business remediation

How to remove Backdoor.XWorm with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.

On the Quarantine page you can see which threats were quarantined and restore them if necessary.

Nebula Quarantine

Home remediation

Malwarebytes can detect and remove many Backdoor.XWorm infections without further user interaction.

Please download Malwarebytes to your desktop.

Double-click MBSetup.exe and follow the prompts to install the program.

When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.

Click on the Get started button.

Click Scan to start a Threat Scan.

Click Quarantine to remove the found threats.

Reboot the system if prompted to complete the removal process.