Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure
June 8, 2025, 4:47 p.m.
Description
A sophisticated malware campaign has been discovered utilizing paste.ee to distribute XWorm and AsyncRAT. The attackers employ obfuscated JavaScript with Unicode characters to download and execute malicious code from paste.ee URLs. The infrastructure includes multiple C2 servers across Europe and the US, using specific ports and SSL certificates. XWorm, a stealthy RAT, captures keystrokes, exfiltrates data, and maintains persistent remote access. AsyncRAT, an open-source trojan, is also part of the campaign. The attackers use a network of IP addresses and domains, with some hosted by QuadraNet Enterprises LLC and dataforest GmbH. Defenders are advised to block identified domains, monitor suspicious connections, and update security software to detect unusual behavior.
Date
- Created: June 6, 2025, 11:02 a.m.
- Published: June 6, 2025, 11:02 a.m.
- Modified: June 8, 2025, 4:47 p.m.
Indicators
Additional Information
- 45.145.43.0/24
- Germany
- United States of America