Ethical Hacking News
Recent reports have highlighted the efforts of Vietnamese hackers to steal sensitive information from thousands of unsuspecting victims across 62 countries using a sophisticated piece of malware called PXA Stealer. This latest development underscores the need for robust cybersecurity measures to protect against such attacks and highlights the importance of staying vigilant in the face of emerging threats.
Vietnamese hackers are using a sophisticated malware called PXA Stealer to steal sensitive information from thousands of victims across 62 countries. PXA Stealer has extracted over 200,000 unique passwords and infiltrated over 4,000 unique IP addresses. The malware is part of an organized cybercrime ecosystem that uses Telegram APIs to exfiltrate stolen data. PXA Stealer has advanced capabilities, including extracting cookies from Chromium-based web browsers and plundering data from VPN clients and applications like Discord. Threat actors use DLL side-loading techniques and staging layers to evade detection by security software. The campaigns distributing PXA Stealer have witnessed a steady tactical evolution to stay ahead of security professionals and law enforcement agencies.
In a disturbing trend that highlights the escalating threat landscape, Vietnamese hackers have been making headlines for their audacious attempts to steal sensitive information from thousands of unsuspecting victims across 62 countries. According to recent reports, these cybercriminals have been using a sophisticated piece of malware called PXA Stealer, which has managed to infiltrate over 4,000 unique IP addresses and extract a staggering 200,000 unique passwords.
The malicious activity, attributed to Vietnamese-speaking hackers, is part of an organized cybercrime ecosystem that utilizes Telegram APIs as a means of exfiltrating stolen data. This platform allows downstream threat actors to purchase the information, which they can then use for various nefarious purposes such as cryptocurrency theft or infiltrating organizations to carry out follow-on attacks.
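One way a defender can hunt for the Telegram-based exfiltration described above, as an added example that is not from the original article or the research it cites: it flags endpoint connections to the Telegram Bot API host from any process that is not an allowlisted image running from a trusted install root. Only the hostname `api.telegram.org` is real; the event field names, the allowlist, the trusted roots and the sample events are constructed assumptions.

```python
import json
from collections import defaultdict

TELEGRAM_API_HOSTS = {"api.telegram.org"}  # real Telegram Bot API host
# Assumptions (tune per site): images tolerated reaching that host, and the
# install roots they must run from. A name match alone is not trusted.
ALLOWED_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample telemetry (JSON lines); field names are hypothetical.
SAMPLE_EVENTS = r"""
{"host":"ws-017","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","dest_host":"api.telegram.org","bytes_out":812}
{"host":"ws-042","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\pythonw.exe","dest_host":"api.telegram.org","bytes_out":48211}
{"host":"ws-042","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\pythonw.exe","dest_host":"API.Telegram.org.","bytes_out":1300}
{"host":"ws-051","image":"C:\\Users\\Public\\chrome.exe","dest_host":"api.telegram.org","bytes_out":950}
{"host":"ws-051","image":"C:\\Windows\\System32\\svchost.exe","dest_host":"example.com","bytes_out":77}
{"host":"ws-060","image": truncated
"""


def is_allowed(image_path):
    """Allow only known image names running from a trusted install root."""
    path = image_path.replace("/", "\\").lower()
    name = path.rsplit("\\", 1)[-1]
    return name in ALLOWED_IMAGES and path.startswith(TRUSTED_ROOTS)


def find_suspect_egress(lines):
    """Map (host, image) -> connection count and bytes sent to the Bot API."""
    hits = defaultdict(lambda: {"connections": 0, "bytes_out": 0})
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: skip, keep hunting
        if not isinstance(ev, dict):
            continue
        dest = str(ev.get("dest_host", "")).lower().rstrip(".")
        image = str(ev.get("image", ""))
        if dest not in TELEGRAM_API_HOSTS or is_allowed(image):
            continue
        entry = hits[(ev.get("host", "?"), image)]
        entry["connections"] += 1
        entry["bytes_out"] += int(ev.get("bytes_out", 0))
    return dict(hits)


if __name__ == "__main__":
    for (host, image), stats in find_suspect_egress(SAMPLE_EVENTS.splitlines()).items():
        print(host, image, stats)
```

The path check matters because an allowlisted name copied into a user-writable directory would otherwise pass; a legitimate binary abused through DLL side-loading from its real install path still needs separate module-load monitoring.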
PXA Stealer, which was first documented by Cisco Talos in November 2024, is an updated version of malware that was initially used to target government and education entities in Europe and Asia. The current iteration boasts advanced capabilities, including the ability to extract cookies from Chromium-based web browsers by injecting a DLL into running instances with the aim of defeating app-bound encryption safeguards.
Furthermore, this malware also plunders data from VPN clients, cloud command-line interface (CLI) utilities, connected fileshares, and applications like Discord. It achieves these feats through the use of DLL side-loading techniques and elaborate staging layers, which are employed to evade detection by security software.
"It's a highly evasive, multi-stage operation driven by Vietnamese-speaking actors with apparent ties to an organized cybercriminal Telegram-based marketplace that sells stolen victim data," researchers have observed. "This threat has since matured into a maturely-organized cybercrime ecosystem."
The campaigns distributing PXA Stealer in 2025 have witnessed a steady tactical evolution, as the threat actors attempt to stay one step ahead of security professionals and law enforcement agencies. They utilize non-malicious decoy content and hardened command-and-control pipelines to frustrate triage and delay detection.
This development has significant implications for individuals and organizations alike, highlighting the need for robust cybersecurity measures to protect against such attacks. By understanding the tactics employed by these hackers and how they are able to stay ahead of security software, we can develop more effective countermeasures to prevent similar breaches in the future.
In conclusion, the rise of PXA Stealer represents a significant escalation in the threat landscape, as Vietnamese hackers continue to push the boundaries of what is possible. As such, it serves as a stark reminder of the importance of staying vigilant and proactive in the face of emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Vietnamese-Hackers-Latest-Steal-A-Global-Scourge-of-Passwords-and-Browsers-ehn.shtml
https://thehackernews.com/2025/08/vietnamese-hackers-use-pxa-stealer-hit.html
Published: Mon Aug 4 11:36:58 2025 by llama3.2 3B Q4_K_M