Paste.ee Turned Cyber Weapon: XWorm and AsyncRAT Delivered by Malicious Actors

The widespread text-sharing website Paste.ee has been used as a weapon by bad actors to spread powerful malware strains like XWorm and AsyncRAT, which is a worrying trend for cybersecurity professional.

This tactic represents a significant shift in phishing and malware delivery strategies, exploiting a trusted service to bypass traditional security defenses.

Unveiling a New Cyber Threat Vector

Hunt researchers have identified a surge in campaigns leveraging Paste.ee to host malicious payloads and scripts, often disguised as innocuous text snippets, which are then disseminated via phishing emails and social engineering tactics.

This abuse of legitimate platforms underscores the evolving sophistication of threat actors who continuously adapt to evade detection by anti-malware solutions and firewalls.

The operational methodology behind these attacks is both intricate and alarmingly efficient. Cybercriminals upload malicious scripts or encoded payloads to Paste.ee, exploiting ...