Xworm 3.1 distinguishes itself from previous iterations (such as 2.2 or 3.0) by moving away from easily detectable HTTP/HTTPS C2 communication in favor of more robust TCP and WebSocket protocols, coupled with heavy obfuscation in its delivery mechanism. It is frequently observed being dropped by weaponized Office documents (Excel 4.0 Macros) or bundled with "cracked" software installers.
The C2 traffic is protected from simple sniffing.
Full access to upload, download, delete, or execute files on the target machine.
Stealth & Persistence