XWorm v3.1 employs a sophisticated, multi-stage infection chain designed to bypass conventional endpoint defenses and sandboxing solutions. Rather than relying on a single infection vector, XWorm cycles through a diverse array of loaders and stagers—including PowerShell, VBS, JavaScript, batch scripts, .NET executables, .hta, .lnk, .iso, .vhd, .img, and Office macros—to deliver its payload.
Allows operators to download and execute plugins based on the target.