Global PXA Stealer attacks launched by Vietnamese hackers

More than 4,000 IP addresses worldwide have been compromised by Vietnamese threat actors in attack campaigns involving the Python-based PXA Stealer malware, resulting in the theft of over 200,000 credentials, more than 4 million browser cookies, and hundreds of credit card records, The Hacker News reports.

Attackers have used DLL side-loading and other staging tactics to covertly deploy the updated PXA Stealer, which pilfers not only Chromium-based browser cookies and VPN client information but also data from connected file shares, cloud command-line interface utilities, and other applications, according to a joint analysis from Beazley Security and SentinelOne SentinelLabs. The information-stealing malware also uses BotIDs to link the primary bot to additional ChatIDs, the Telegram channels created to host the stolen data. The report, which follows earlier findings that PXA Stealer had been used to compromise European and Asian organizations, "showcases a leap in tradecraft, incorporating more nuanced anti-analysis techniques, non-malicious decoy content, and a hardened command-and-control pipeline that frustrates triage and attempts to delay detection," the researchers said.
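The Telegram-based exfiltration pipeline described above gives defenders one concrete hunting signal: Telegram Bot API calls (paths of the form `/bot<id>:<secret>/<method>`) issued by processes that have no business talking to Telegram. The script below is an added example, not code from the report or from either vendor; the proxy log format and every process name, bot ID and token in it are constructed for illustration, and the allowlist of legitimate Telegram clients is an assumption a site would tune. It parses sample proxy lines, flags upload-style Bot API methods from non-allowlisted processes, and groups the hits by bot ID (the BotID the text mentions) so an analyst can see which token ties several hosts or processes together, with the token secret redacted in the output.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log (not taken from the report).
# Fields: timestamp, client IP, process name, HTTP method, URL, bytes sent.
SAMPLE_PROXY_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 chrome.exe GET https://example.com/ 512
2024-01-01T10:00:07Z 10.0.0.5 Telegram.exe POST https://api.telegram.org/bot123456789:AAExampleTokenValue/getUpdates 220
2024-01-01T10:00:09Z 10.0.0.7 python.exe POST https://api.telegram.org/bot987654321:AAAnotherExampleToken/sendDocument 1843200
2024-01-01T10:00:15Z 10.0.0.7 svchost.exe POST https://api.telegram.org/bot987654321:AAAnotherExampleToken/sendMessage 740
"""

# Telegram Bot API request paths look like /bot<numeric id>:<secret>/<method>.
BOT_API_RE = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")

# Assumption: processes a site considers legitimate Telegram users (tune per environment).
KNOWN_TELEGRAM_CLIENTS = {"telegram.exe"}

# Bot API methods that push content out of the host; these carry the stolen data.
UPLOAD_METHODS = {"senddocument", "sendmessage", "sendphoto"}


def parse_line(line):
    """Split one constructed proxy log line into a dict; return None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client_ip, process, http_method, url, sent = parts
    return {
        "ts": ts,
        "client_ip": client_ip,
        "process": process,
        "http_method": http_method,
        "url": url,
        "bytes_sent": int(sent),
    }


def redact_token(bot_id, secret):
    """Keep the bot ID (useful for pivoting) but hide the secret part of the token."""
    return f"{bot_id}:{secret[:4]}...{secret[-2:]}"


def find_suspicious_bot_api_use(log_text):
    """Return upload-style Bot API calls made by processes outside the allowlist."""
    hits = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        parsed = urlsplit(entry["url"])
        if parsed.hostname != "api.telegram.org":
            continue
        m = BOT_API_RE.match(parsed.path)
        if not m:
            continue
        if m.group("method").lower() not in UPLOAD_METHODS:
            continue
        if entry["process"].lower() in KNOWN_TELEGRAM_CLIENTS:
            continue
        hits.append({
            "ts": entry["ts"],
            "client_ip": entry["client_ip"],
            "process": entry["process"],
            "bot_id": m.group("bot_id"),
            "token": redact_token(m.group("bot_id"), m.group("secret")),
            "method": m.group("method"),
            "bytes_sent": entry["bytes_sent"],
        })
    return hits


def summarize_by_bot(hits):
    """Group hits by bot ID: which hosts/processes share one bot and how much they sent."""
    summary = {}
    for h in hits:
        s = summary.setdefault(h["bot_id"], {"hosts": set(), "processes": set(), "bytes_sent": 0})
        s["hosts"].add(h["client_ip"])
        s["processes"].add(h["process"])
        s["bytes_sent"] += h["bytes_sent"]
    return summary


if __name__ == "__main__":
    found = find_suspicious_bot_api_use(SAMPLE_PROXY_LOG)
    for h in found:
        print(f"{h['ts']} {h['client_ip']} {h['process']} -> {h['method']} via bot {h['token']} ({h['bytes_sent']} bytes)")
    for bot_id, s in summarize_by_bot(found).items():
        print(f"bot {bot_id}: hosts={sorted(s['hosts'])} processes={sorted(s['processes'])} bytes={s['bytes_sent']}")
```

Grouping by bot ID is the point of the second function: because the malware reuses one bot to fan out to several ChatIDs, a single token seen from several hosts or unrelated processes is a stronger signal than any one request, and the bot ID can be shared with other teams without exposing the secret.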

