🕵️‍♂️ Threat actors from Vietnam have been identified as deploying a new Python-based malware, PXA Stealer, aimed at government and education sectors in Europe and Asia. This stealer is designed to compromise sensitive credentials, including:
🔑 Online accounts
📡 VPN and FTP clients
💳 Financial data
🍪 Browser cookies
📧 The attack starts with phishing emails containing ZIP file attachments. Once the attachment is opened, a Rust-based loader and hidden scripts are executed, bypassing antivirus protections and deploying the malware.
PXA Stealer can even decrypt stored browser passwords to access accounts and manipulate Facebook Ads Manager using stolen cookies.
Evidence of Vietnamese involvement includes:
- Telegram groups are selling stolen credentials and SIM cards.
- Vietnamese comments in the malware’s code.
- A hard-coded Telegram account with the national flag and emblem of Vietnam’s Ministry of Public Security.

The PXA Stealer campaign highlights the ongoing risks of phishing attacks and evolving malware techniques. Vietnamese threat actors, like the CoralRaider group, continue to innovate with tools for managing stolen accounts and bypassing security measures.
🛡️ Stay vigilant against phishing emails, especially those containing ZIP files or suspicious documents.
🔄 Regularly update antivirus software and monitor account activity.
🧩 Consider professional penetration testing services to fortify your organization’s defenses.

At Wire Tor, we specialize in identifying vulnerabilities before threat actors do. From phishing simulation to malware protection, our penetration testing services help safeguard your data from attacks like PXA Stealer.
🔐 Follow us for more cybersecurity updates: 👉 Wire Tor Pentest Services ✨ Reach Before Breach! 🚀