
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fortinet researchers have disclosed a new phishing campaign delivering the commercially available XWorm malware, chaining a years-old Microsoft Office vulnerability with fileless execution to escape detection. The campaign, which uses multi-themed phishing emails and a malicious Excel add-in, ultimately deploys the modular remote access trojan (RAT), which is capable of encrypted command-and-control (C2) and plugin-based expansion. “This campaign is striking in its ordinariness,” said Shane Barney, chief information security officer at Keeper Security. “There’s no breakthrough technique here. It’s a clean execution chain built from components we’ve all seen before. The sophistication isn’t in the nove...