Features a "clipper" module that monitors the system clipboard and replaces cryptocurrency wallet addresses with the attacker's own.
Exfiltrates browser credentials, cookies, Wi-Fi keys, and Discord/Telegram tokens. xworm v31 updated
Uses obfuscated scripts to download a .NET-based loader. Features a "clipper" module that monitors the system