Cybersecurity researchers have identified a new wave of campaigns distributing PXA Stealer, a Python-based information stealer operated by Vietnamese-speaking cybercriminals. The malware harvests a range of sensitive data, exfiltrates it via Telegram, and feeds a large-scale underground resale ecosystem.
Key points
- The campaigns have infected over 4,000 IP addresses across 62 countries, stealing sensitive data.
- PXA Stealer can harvest passwords, browser cookies, cryptocurrency wallet info, and data from financial apps.
- The malware employs anti-analysis techniques, decoy content, and stealthy command-and-control servers to evade detection.
- Thieves use Telegram channels to exfiltrate data and feed it into criminal marketplaces for resale.
- Updated versions include advanced capabilities like DLL injection and stealing from VPNs, cloud CLIs, and chat apps.
Read More: https://thehackernews.com/2025/08/vietnamese-hackers-use-pxa-stealer-hit.html