ATLA WIRE

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

09.03.2026
VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe injection.

Hold up, tech fam — a new malware campaign dubbed VOID#GEIST is dropping a triple threat of nasty RATs (XWorm, AsyncRAT, Xeno RAT) on Windows systems. It’s a multi-stage beast using batch scripts, Python loaders, and sneaky explorer.exe injection to slip past defenses. Think of it as a cyber heist with extra steps, and it’s hitting hard.
Here’s the lowdown: the attack kicks off with a batch script that downloads a Python loader, which then fetches the final payloads. It’s all about stealth — the malware injects into explorer.exe to avoid detection, making it a ghost in the machine. Targets? Anyone running Windows, so basically everyone in the corporate and personal space.
  • XWorm: A remote access trojan that gives attackers full control over infected systems.
  • AsyncRAT: Another RAT known for its async capabilities, enabling persistent backdoor access.
  • Xeno RAT: A lesser-known but equally dangerous RAT used for data exfiltration and system manipulation.
The campaign leverages Cloudflare for hosting malicious scripts, adding a layer of legitimacy to the phishing attempts. It’s a reminder that even trusted services can be weaponized. PowerShell is also in the mix, used to execute commands and spread the infection further.

Bottom line: this is a sophisticated, multi-vector attack that blends old-school scripting with modern evasion tactics. If you’re in IT or security, keep an eye out for unusual batch or Python activity, and maybe double-check those Cloudflare domains. Stay sharp, folks: the cyber underworld isn’t slowing down.
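
To make "unusual batch or Python activity" concrete, here is a small detection sketch added for this write-up (not code from the campaign or from any vendor report). It walks process telemetry and flags a batch-script-rooted process tree that reaches a Python interpreter, noting whether that tree created a remote thread in explorer.exe. The event shape, field names, paths and PIDs are constructed assumptions loosely modeled on Sysmon event IDs 1 and 8.

```python
import ntpath
import re

BATCH_RE = re.compile(r"\.(bat|cmd)\b", re.I)
PYTHON = {"python.exe", "pythonw.exe"}
# Constructed sample events (not from the campaign): "id" 1 = process create,
# 8 = CreateRemoteThread, as in Sysmon; field names are simplified assumptions.
EVENTS = [
    {"id": 1, "pid": 100, "ppid": 10, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'cmd.exe /c "C:\Users\demo\Downloads\sample.bat"'},
    {"id": 1, "pid": 120, "ppid": 100, "image": r"C:\Users\demo\AppData\Local\py\python.exe",
     "cmd": "python.exe stage.py"},
    {"id": 8, "source_pid": 120, "target_image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 200, "ppid": 20, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe"},
    {"id": 1, "pid": 210, "ppid": 200, "image": r"C:\Python312\python.exe",
     "cmd": "python.exe manage.py runserver"},
]

def exe(path):
    return ntpath.basename(path).lower()

def find_chains(events):
    """Flag batch-rooted process trees that reach a Python interpreter and
    record whether that tree created a remote thread in explorer.exe."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    def batch_root(pid):
        # Walk parent links up to a cmd.exe that is running a .bat/.cmd file.
        seen = set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            p = procs[pid]
            if exe(p["image"]) == "cmd.exe" and BATCH_RE.search(p["cmd"]):
                return pid
            pid = p["ppid"]
        return None
    alerts = {}
    for p in procs.values():
        root = batch_root(p["ppid"]) if exe(p["image"]) in PYTHON else None
        if root is not None:
            alert = alerts.setdefault(
                root, {"root_pid": root, "python_pids": [], "injects_explorer": False})
            alert["python_pids"].append(p["pid"])
    for e in events:
        if e["id"] == 8 and exe(e["target_image"]) == "explorer.exe":
            root = batch_root(e["source_pid"])
            if root in alerts:
                alerts[root]["injects_explorer"] = True
    return list(alerts.values())
```

On real telemetry, key processes by Sysmon's ProcessGuid rather than PID, since PIDs get reused.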
Tags: #backdoors, #malware, #process injection, #multi-stage attacks, #phishing