PXA Python Malware Targets Thousands Of Victims Globally


A new malware campaign has affected users globally, stealing sensitive data. Identified as PXA stealer, this Python-based malware is actively targeting users across 62 countries.

PXA Python Malware Emerges As A Potent Data Stealer

Researchers from SentinelOne have shared details about the newly discovered malware in a recent post. As they explain, PXA is running active campaigns that target users across several countries and steal their data. Its aggressive activity eventually caught the attention of researchers from Beazley Security and SentinelOne, who collaborated to investigate the malware in detail.

Specifically, PXA is a Python-based malware with potent data-stealing capabilities. Upon infecting a device, it exfiltrates sensitive information such as passwords, payment information, and cryptocurrency wallets to the attackers’ Telegram channels via bots.

The attack begins once the malware reaches a target device, whether through sideloading alongside legitimate software, malicious DLLs, or malicious file archives delivered via phishing. The campaign employs evasion techniques throughout to avoid detection by security tools.

Once on the target device, the final payload, the PXA Stealer, executes and exfiltrates data to the attackers via Telegram. Because PXA Stealer supports a wide range of applications, the exfiltrated data covers almost every kind of sensitive information. It harvests stored data from Chromium- and Gecko-based browsers, and even injects a malicious DLL into running Chrome instances to bypass Chrome’s App-Bound Encryption.
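As an added example written for this article (not code from SentinelOne, Beazley Security, or the PXA analysis), the Telegram Bot API exfiltration described above can be hunted for in web-proxy logs; the log format, bot token and host addresses below are all constructed.

```python
import re
from dataclasses import dataclass
from collections import defaultdict

# Telegram Bot API calls have the form https://api.telegram.org/bot<id>:<secret>/<method>.
# A normal Telegram client never requests a /bot<token>/ path, so any host doing so is
# worth a look; sendDocument is the upload method a stealer would use for its archives.
BOT_API_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[\w-]+)/(?P<method>\w+)"
)
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}

# Constructed sample proxy log (not real traffic). Fields:
# <timestamp> <src_ip> <http_method> <url> <bytes_out>. The bot token is a placeholder.
SAMPLE_LOG = """\
2025-08-01T10:00:01Z 10.0.0.5 GET https://www.example.com/ 412
2025-08-01T10:00:07Z 10.0.0.5 POST https://api.telegram.org/bot1234567890:AAExampleSecret/sendDocument 2097152
2025-08-01T10:00:09Z 10.0.0.7 POST https://api.telegram.org/bot1234567890:AAExampleSecret/sendMessage 350
2025-08-01T10:01:00Z 10.0.0.9 GET https://web.telegram.org/ 1020
"""

@dataclass(frozen=True)
class Alert:
    timestamp: str
    src_ip: str
    bot_id: str  # numeric part of the token; enough to correlate hosts without logging the secret
    method: str
    bytes_out: int

def scan_proxy_log(text: str) -> list[Alert]:
    """Return one Alert per request that posts data to a Telegram bot endpoint."""
    alerts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than crash on them
        ts, src_ip, _http_method, url, bytes_out = fields
        m = BOT_API_RE.match(url)
        if m is None or m.group("method") not in EXFIL_METHODS:
            continue
        alerts.append(Alert(ts, src_ip, m.group("bot_id"), m.group("method"), int(bytes_out)))
    return alerts

def hosts_per_bot(alerts: list[Alert]) -> dict[str, set[str]]:
    """Group source hosts by bot id: several hosts feeding one bot points to one campaign."""
    grouped: dict[str, set[str]] = defaultdict(set)
    for a in alerts:
        grouped[a.bot_id].add(a.src_ip)
    return dict(grouped)
```

A large `bytes_out` on a `sendDocument` call is the strongest signal, since that is where a stealer's collected archive leaves the network.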

This malware has been running active campaigns since 2024. Analysis of the campaign led the researchers to link it to Vietnamese-speaking threat actors, who sell the exfiltrated data on a Telegram-based cybercriminal marketplace.

Based on IP addresses, the researchers identified over 4000 victims of this campaign spanning 62 countries, located predominantly in the United States, the Netherlands, South Korea, Austria, and Hungary. As for the stolen data, the researchers observed more than 200,000 unique passwords, over 4 billion browser cookies, and hundreds of credit card details.

Watch Out For Infostealers

Infostealers such as PXA are among the most effective malware families, since their stealthy behavior lets threat actors stay under the radar. While there is little users can do to secure information once it has been stolen, they can at least do their best to avoid such threats in the first place.

Since infostealers rely on stored data, and in particular on data saved in browsers, it is always best practice to avoid storing sensitive information within the browser.

Likewise, leaving payment information stored on websites and in browsers increases the risk of financial fraud. While retyping these details is tedious, that extra effort is safer than exposing such sensitive data to adversaries.

Nonetheless, where storing credentials is necessary, users should consider a robust password manager for this sensitive data. Password managers are not foolproof, but they at least minimize the exposure of sensitive information to online adversaries.
