The group behind the XFiles info-stealer malware has added a new delivery module for dropping its payload onto target computers. This new delivery module exploits CVE-2022-30190, also known as Follina, in an attempt to get as much auto-execution as possible on victim systems.
The XFiles Reborn operation has been steadily gaining members and expanding its operations and tooling. Beyond the XFiles info-stealing malware, the group also advertises a malware known as the “Punisher Miner,” which is claimed to be a highly evasive and stealthy cryptocurrency miner supporting Monero, Toncoin, and Ravencoin. This mining tool is being sold for 500 rubles ($9), which is the equivalent of one month's usage of the XFiles stealer.