Alert: Vietnamese Hackers Unleash Sophisticated PXA Stealer to Raid Government Data Across Europe and Asia

A New Vietnamese Cyber Threat: PXA Stealer

A Vietnamese threat actor has deployed a sophisticated Python-based malware called PXA Stealer, targeting government and educational institutions across Europe and Asia.

Key Features of PXA Stealer:
– Steals credentials from various online accounts, VPN, and FTP clients
– Captures financial information and browser cookies
– Decrypts browser master passwords
– Specifically targets Facebook business and advertisement accounts

Attribution and Connections:
– Vietnamese origin indicated by Vietnamese-language comments in the code and the Telegram account “Lone None”
– Possible links to threat actor “CoralRaider”
– Active in Vietnamese Telegram groups selling compromised credentials and tools

Attack Methodology:
1. Phishing emails carrying a ZIP attachment
2. A Rust-based loader is delivered from the archive
3. Windows batch scripts are executed
4. An anti-AV payload is deployed
5. PXA Stealer is installed
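Steps 1 through 3 of that chain are where a mail gateway or sandbox gets its first look, so that is where a defender can act before the anti-AV stage runs. The script below is an added example, not code from the article or from PXA Stealer itself: it triages a ZIP attachment for the early stages (double extensions, scripts and executables inside the archive, PE headers hiding under harmless names, nested archives, and batch-script download keywords). The deny lists, keyword list and size threshold are constructed assumptions to tune for your own environment, and the sample archives are built in memory so it runs offline.

```python
"""Triage a ZIP e-mail attachment for the ZIP -> loader -> batch script stages.
Added example; file names, keyword lists and thresholds are constructed."""
import io
import zipfile
from typing import List, Tuple

# Suffixes that should not arrive inside a ZIP from an untrusted sender (constructed lists).
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif"}
SCRIPT_EXTS = {".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

# Substrings commonly seen in batch-based loaders (constructed, illustrative only).
BATCH_HINTS = (b"powershell", b"curl ", b"certutil", b"bitsadmin", b"start /b", b"@echo off")

MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not decompress anything larger than this


def _exts(name: str) -> List[str]:
    """All dotted suffixes of a member name, in order: 'a.pdf.bat' -> ['.pdf', '.bat']."""
    base = name.rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def triage_zip(data: bytes) -> Tuple[str, List[str]]:
    """Return (verdict, findings) for a ZIP given as raw bytes."""
    findings: List[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "suspicious", ["not a valid ZIP archive"]

    for info in zf.infolist():
        if info.is_dir():
            continue
        name = info.filename
        exts = _exts(name)
        last = exts[-1] if exts else ""

        # Double extension such as invoice.pdf.bat: decoy document suffix before the real one.
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS and last in (EXECUTABLE_EXTS | SCRIPT_EXTS):
            findings.append(f"{name}: double extension hides {last} behind {exts[-2]}")
        elif last in EXECUTABLE_EXTS | SCRIPT_EXTS:
            findings.append(f"{name}: {last} file in attachment")

        if info.file_size > MAX_MEMBER_BYTES:
            findings.append(f"{name}: member too large to inspect")
            continue
        head = zf.read(name)[:4096]

        # PE header regardless of what the extension claims (renamed loaders are common).
        if head[:2] == b"MZ" and last not in EXECUTABLE_EXTS:
            findings.append(f"{name}: PE executable with non-executable extension")

        # Nested archive: one more hop for a loader to hide in.
        if head[:4] == b"PK\x03\x04":
            findings.append(f"{name}: nested ZIP archive")

        # Batch-script keywords, whatever the extension says.
        lowered = head.lower()
        hits = [h.decode() for h in BATCH_HINTS if h in lowered]
        if hits:
            findings.append(f"{name}: batch/download keywords {hits}")

    return ("block" if findings else "allow"), findings


def _make_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_zip() -> bytes:
    """Constructed attachment mimicking the chain: decoy-named batch script plus renamed PE."""
    return _make_zip({
        "Invoice_2024.pdf.bat": b"@echo off\r\nstart /b powershell -w hidden -c \"...\"\r\n",
        "update.dat": b"MZ\x90\x00" + b"\x00" * 60,  # fake PE stub, not a real loader
        "readme.txt": b"Please see the attached invoice.\r\n",
    })


def build_benign_zip() -> bytes:
    """Constructed attachment with only a text file."""
    return _make_zip({"readme.txt": b"Quarterly notes.\r\n"})


if __name__ == "__main__":
    for label, blob in (("sample", build_sample_zip()), ("benign", build_benign_zip())):
        verdict, found = triage_zip(blob)
        print(label, verdict)
        for line in found:
            print("  ", line)
```

The checks are deliberately content-based rather than name-based where possible: a loader renamed to `.dat` still starts with `MZ`, and a batch script keeps its keywords regardless of extension. Pair this with detonation or static analysis of anything flagged rather than treating the verdict as final.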

Related Developments:
– IBM X-Force identified StrelaStealer campaigns targeting European countries
– New stealer variants emerging: Amnesia Stealer and Glove Stealer
– Continuous evolution of existing malware families like RECORDSTEALER and Rhadamanthys

This threat represents a growing trend in sophisticated information-stealing malware, particularly from Vietnamese threat actors targeting business and advertising accounts.