Cybersecurity researchers have identified a new campaign built on PXA Stealer, a Python-based infostealer attributed to Vietnamese-speaking cybercriminals operating at global scale.
According to a joint report from Beazley Security and SentinelOne, the group has compromised more than 4,000 unique victim IP addresses across 62 countries, including the U.S., South Korea, the Netherlands, Hungary, and Austria. The campaign has yielded:
- more than 200,000 unique passwords
- hundreds of credit card records
- more than 4 million browser cookies
“This discovery showcases a leap in tradecraft,” said researchers Jim Walter, Alex Delamotte, Francisco Donoso, Sam Mayers, Tell Hause, and Bobby Venal. “Attackers are using advanced anti-analysis methods, decoy documents, and hardened command-and-control infrastructure to delay detection.”
What’s New About PXA Stealer?
Originally documented by Cisco Talos in late 2024, PXA Stealer has evolved into a multi-stage, evasive malware family with the capability to:
- extract autofill data, credentials, and cookies from Chromium-based browsers
- bypass browser encryption by injecting DLLs into active browser sessions
- steal data from VPN clients, cloud CLI tools, file shares, and Discord apps
- evade detection using decoy content (such as copyright notices) and DLL side-loading
The data is exfiltrated via Telegram bots to channels controlled by the hackers, and is then funneled into underground platforms like Sherlock, where credentials are sold for follow-on attacks—including cryptocurrency theft, corporate infiltration, and identity fraud.
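The Telegram channel is the point in this chain that a defender can observe from their own telemetry. The following Python is an added example, not code from the Beazley Security/SentinelOne report or from the malware: it scans constructed proxy log lines for POSTs to Telegram Bot API "send" methods, which is how a bot pushes files or messages into a channel. The log format, the list of exfiltration methods, the IP addresses and the bot token are all assumptions invented for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Telegram Bot API requests have the fixed shape
#   https://api.telegram.org/bot<token>/<method>
# where <token> is "<numeric bot id>:<secret>" (the secret is nominally 35 chars;
# the range below is loosened slightly so the pattern is not brittle).
TELEGRAM_BOT_URL = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,45})"
    r"/(?P<method>[A-Za-z]+)"
)

# Bot API methods a stealer would use to push harvested data into a channel.
# Assumed set for this example; extend it if your telemetry shows others.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto", "sendMediaGroup"}


@dataclass
class Finding:
    timestamp: str
    src_ip: str
    bot_id: str
    method: str
    bytes_out: int


def parse_proxy_line(line: str) -> Optional[dict]:
    """Parse one line of a constructed, space-separated proxy log:
       <timestamp> <src_ip> <http_method> <url> <status> <bytes_out>
    This format is invented for the example; adapt the split to your proxy."""
    parts = line.split()
    if len(parts) != 6:
        return None
    timestamp, src_ip, http_method, url, status, bytes_out = parts
    try:
        return {
            "timestamp": timestamp,
            "src_ip": src_ip,
            "http_method": http_method,
            "url": url,
            "status": int(status),
            "bytes_out": int(bytes_out),
        }
    except ValueError:
        return None


def hunt_telegram_exfil(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per POST to a Telegram Bot API 'send*' method."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        m = TELEGRAM_BOT_URL.match(rec["url"])
        if not m or m.group("method") not in EXFIL_METHODS:
            continue
        # Uploads are POSTs; a GET to /getMe is token validation, not exfiltration.
        if rec["http_method"] != "POST":
            continue
        findings.append(
            Finding(rec["timestamp"], rec["src_ip"], m.group("bot_id"),
                    m.group("method"), rec["bytes_out"])
        )
    return findings


def bytes_per_host(findings: Iterable[Finding]) -> Dict[str, int]:
    """Total bytes pushed to Telegram bots per internal source host."""
    totals: Dict[str, int] = {}
    for f in findings:
        totals[f.src_ip] = totals.get(f.src_ip, 0) + f.bytes_out
    return totals


# Constructed sample log: two uploads from one host, plus benign noise.
# The bot token below is fabricated and has no relation to any real bot.
SAMPLE_LOG = [
    "2025-07-30T09:14:02Z 10.20.1.57 GET https://api.telegram.org/bot123456789:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw1/getMe 200 158",
    "2025-07-30T09:14:05Z 10.20.1.57 POST https://api.telegram.org/bot123456789:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw1/sendDocument 200 1843210",
    "2025-07-30T09:14:06Z 10.20.1.57 POST https://api.telegram.org/bot123456789:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw1/sendMessage 200 612",
    "2025-07-30T09:15:11Z 10.20.1.88 GET https://web.telegram.org/a/ 200 4021",
    "2025-07-30T09:15:40Z 10.20.1.88 POST https://example.com/api/upload 200 90112",
    "malformed line that the parser should skip",
]

if __name__ == "__main__":
    hits = hunt_telegram_exfil(SAMPLE_LOG)
    for f in hits:
        print(f"{f.timestamp} {f.src_ip} -> bot {f.bot_id} {f.method} ({f.bytes_out} bytes)")
    print(bytes_per_host(hits))
```

The full URL, and therefore the bot token, is only visible when the proxy performs TLS inspection. Without it, hunt on DNS or SNI for api.telegram.org from hosts that have no business reason to talk to the Bot API, and treat any recovered token as an indicator worth sharing, since it identifies the channel the stolen data is flowing into.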
Why This Matters
This is more than just another malware campaign. It is a glimpse into the growing commercialization of cybercrime, where stolen data is monetized through Telegram-based criminal marketplaces. It also highlights:
- the increasing sophistication of infostealers
- the cross-border scale of operations (62 countries affected)
- the importance of threat hunting, behavioral detection, and multi-layered defenses