Hacker infects 18,000 “script kiddies” with fake malware builder

CloudSEK researchers discovered a fake malware builder targeting inexperienced hackers that infected over 18,000 devices worldwide. The trojanized XWorm RAT builder, disguised as a hacking tool, actually installed backdoors to steal data and take over computers. The malware included a kill switch, which was activated to remove it from some infected devices, but others remain compromised. The infected machines communicated with a Telegram-based command-and-control server, stealing data and awaiting instructions. The researchers disrupted the botnet by sending a mass uninstall command, but due to practical limitations, not all devices were cleaned. This incident highlights the dangers of trusting unsigned software and emphasizes using malware builders only in safe testing environments.

https://www.bleepingcomputer.com/news/security/hacker-infects-18-000-script-kiddies-with-fake-malware-builder/
