Hackers Distribute XWorm RAT v7.4 via PyInstaller with AMSI Patching to Evade Detection

Hackers are distributing XWorm RAT v7.4 by embedding the malware in PyInstaller files to evade Windows security defenses. The attack leverages AMSI (Antimalware Scan Interface) patching to bypass detection, enabling data theft and remote device control. The malware is delivered through malicious advertisements, though no specific campaign dates or targeted regions were disclosed. XWorm RAT is a remote access trojan capable of executing commands, exfiltrating data, and maintaining persistence on infected systems. No CVE IDs or additional technical indicators (e.g., hashes, IOCs) were mentioned in the report.