A new malware campaign has impacted users globally, stealing sensitive data. Known as PXA stealer, this Python-based malware is actively targeting users in 62 countries.
PXA Python Malware Emerges As A Potent Data Stealer
Researchers from SentinelOne have revealed details about a newly discovered malware in a recent post. The PXA malware is running active campaigns, targeting users in multiple countries and stealing data. Due to its aggressive nature, it drew the attention of researchers from Beazley Security and SentinelOne, who collaborated to investigate the malware thoroughly.
PXA is a potent Python-based malware with strong data-stealing capabilities. Once it infects a device, it harvests sensitive information such as passwords, payment details, and cryptocurrency wallets and exfiltrates it to attacker-controlled Telegram channels via Telegram bots.
The attack begins when the malware reaches a device through DLL sideloading against legitimate software, malicious DLLs, or malicious file archives delivered via phishing. The campaign employs evasion techniques to avoid detection by security tools.
After reaching the target device, the final payload, the PXA Stealer, activates and sends data to attackers via Telegram. The PXA Stealer supports various apps, leading to the exfiltration of a wide range of sensitive information. It analyzes Chromium/Gecko browsers to steal stored data and injects a malicious DLL into active Chrome instances to bypass Chrome’s App-bound Encryption.
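Because the stealer's exfiltration channel is the Telegram Bot API, outbound traffic to bot endpoints from processes that are not a Telegram client is a practical detection signal for defenders. The following is an added example, not code from the researchers or from the malware: it scans constructed egress-proxy log lines (timestamp, client process, method, URL, bytes sent, all made up here) and flags bot-API uploads from non-Telegram processes, redacting the bot token before reporting it.

```python
import re
from typing import NamedTuple

# Constructed sample proxy log (not from the report): ts process method url bytes_out
SAMPLE_LOG = """\
2025-08-01T10:02:11Z chrome.exe POST https://www.example.com/api/sync 2310
2025-08-01T10:02:40Z python.exe POST https://api.telegram.org/bot123456789:AAEXAMPLEtoken/sendDocument 482113
2025-08-01T10:03:05Z Telegram.exe GET https://api.telegram.org/bot987654321:AAotherexample/getMe 120
2025-08-01T10:03:17Z svchost.exe POST https://api.telegram.org/bot123456789:AAEXAMPLEtoken/sendMessage 640
2025-08-01T10:04:00Z firefox.exe GET https://api.telegram.org/ 300
"""

# Telegram Bot API URLs have the form https://api.telegram.org/bot<token>/<method>
BOT_API = re.compile(r"^https://api\.telegram\.org/bot(?P<token>[^/]+)/(?P<method>\w+)")
# Bot methods that carry data out of the host (files, text, images)
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto", "sendMediaGroup"}
# Processes for which bot-API traffic is expected (assumption: the desktop client)
TELEGRAM_CLIENTS = {"telegram.exe"}


class Finding(NamedTuple):
    timestamp: str
    process: str
    method: str
    bytes_out: int
    token_hint: str  # bot id only; the secret half of the token is redacted


def redact_token(token: str) -> str:
    """Keep the numeric bot id (useful for correlating alerts), drop the secret."""
    return f"{token.split(':')[0]}:***"


def find_bot_exfil(log_text: str) -> list[Finding]:
    """Return one Finding per bot-API upload made by a non-Telegram process."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than crash the scan
        ts, proc, _verb, url, size = parts
        match = BOT_API.match(url)
        if not match or proc.lower() in TELEGRAM_CLIENTS:
            continue
        if match["method"] not in EXFIL_METHODS:
            continue
        findings.append(Finding(ts, proc, match["method"], int(size), redact_token(match["token"])))
    return findings


if __name__ == "__main__":
    for f in find_bot_exfil(SAMPLE_LOG):
        print(f"ALERT {f.timestamp} {f.process} -> {f.method} ({f.bytes_out} bytes) bot {f.token_hint}")
```

In a real deployment the same rule would run over proxy or EDR network telemetry, and a large `bytes_out` to `sendDocument` from a scripting host is the highest-value hit.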
This malware has been running active campaigns since 2024. Researchers traced the campaign’s origins to Vietnamese-speaking threat actors who sell stolen data on a Telegram-based cybercriminal marketplace.
Based on IP addresses, the researchers identified over 4,000 victims of this malware campaign across 62 countries. Most victims are in the United States, the Netherlands, South Korea, Austria, and Hungary. The stolen data includes over 200,000 unique passwords, 4 billion browser cookies, and hundreds of credit card records.
Watch Out For Infostealers
Infostealers like PXA are highly dangerous because their stealthy behavior lets threat actors operate unnoticed for long periods. While users cannot recover information that has already been stolen, they can take precautions to avoid such threats.
Since infostealers target stored data, particularly data in browsers, it’s advisable not to store sensitive information in browsers. Avoid leaving payment information stored on websites and browsers to reduce the risk of financial fraud. While it may be inconvenient to re-enter details, it’s safer than exposing sensitive information to adversaries.
If storing information is necessary, users should use a reliable password manager to handle sensitive data. While not foolproof, password managers minimize the exposure of sensitive information to online threats.