The "v3.1" designation represents a maturity in the malware's development. It moves away from being a "nuisance" worm toward a professional-grade espionage tool.
XWorm v31 uses SMB to spread. Ensure that workstations cannot communicate via SMB to servers or critical infrastructure. Use a Zero Trust model. xworm v31 updated
The information stealer module has been overhauled to target modern applications: The "v3
Despite Microsoft blocking macros by default, v3.1 uses XLL add-ins for Excel or VBA stomping to evade Mark of the Web (MOTW) warnings. xworm v31 updated