Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs

A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys.

If a strange email about a “payment detail request” or “signed bank document” lands in your inbox, your best bet is to delete it immediately. A fresh investigation by Fortinet’s FortiGuard Labs warns that scammers are using these mundane business themes to infect Windows PCs with XWorm malware.

XWorm is a Remote Access Trojan (RAT), which is a tool capable of giving a hacker full remote control of compromised Windows systems. While the virus has been around since 2022, this latest version (XWorm 7.2) is a much more advanced breed that surfaced on Telegram marketplaces as recently as late 2025 and early 2026.

How the Trap is Set

As we know it, attackers rely on social engineering to make ...