Attackers are increasingly disguising malicious activity inside everyday business tools and file formats that employees and IT teams typically trust. According to the latest HP Wolf Security Threat Insights Report (Q2 2025), threat actors are refining their strategies to blend in with legitimate processes, making it more difficult for security defenses to keep up.
One of the standout campaigns observed in Q2 2025 involved the XWorm remote access trojan (RAT). Instead of deploying custom malware directly, attackers chained together several built-in Windows utilities. These “living off the land” binaries were used to run commands, transfer files, and decode hidden malware, all while evading many security alerts.
The final XWorm payload was concealed inside the pixels of a genuine image from a trusted website. Attackers then used PowerShell scripts to extract the hidden code, with MSBuild executing the malware. Once complete, attackers gained full remote access and data-stealing capabilities using only tools already present on the system.
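One way to hunt for the PowerShell-to-MSBuild step described above, as an added example that is not from the HP report or the original article: it walks parent process links in process-creation events and flags MSBuild runs that have a PowerShell ancestor. The event fields, the sample records (including the intermediate `cmd.exe`) and the function names are constructed assumptions.

```python
"""Flag MSBuild runs that descend from PowerShell in process-creation events."""
from ntpath import basename  # parses Windows paths on any platform

# Constructed sample events (Sysmon Event ID 1 style fields), not taken from the report.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe"},
]

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
BUILD_TOOL = "msbuild.exe"
MAX_DEPTH = 16  # guards against ppid loops in malformed or PID-reused data


def name(event):
    """Lower-cased executable name of an event's image path."""
    return basename(event["image"]).lower()


def ancestry(event, by_pid):
    """Return image names from the event's parent up to the root."""
    chain, seen, current = [], {event["pid"]}, by_pid.get(event["ppid"])
    while current and current["pid"] not in seen and len(chain) < MAX_DEPTH:
        chain.append(name(current))
        seen.add(current["pid"])
        current = by_pid.get(current["ppid"])
    return chain


def suspicious_msbuild(events):
    """Return (pid, ancestor chain) for each MSBuild run under a PowerShell ancestor."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if name(e) != BUILD_TOOL:
            continue
        chain = ancestry(e, by_pid)
        if SCRIPT_HOSTS.intersection(chain):
            hits.append((e["pid"], chain))
    return hits


if __name__ == "__main__":
    for pid, chain in suspicious_msbuild(SAMPLE_EVENTS):
        print(f"MSBuild pid={pid} launched under: {' <- '.join(chain)}")
```

Build servers and developer workstations that legitimately call MSBuild from PowerShell will also match, so a rule like this needs an allow-list of known build hosts before it is useful as an alert.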
“Living off the land techniques are notoriously difficult for security teams because it’s hard to tell green flags from red – i.e. legitimate activity versus an attack… Even the best detection will miss some threats, so defense-in-depth with containme
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents