Intel Name: New PXA Stealer targets government and education sectors for sensitive information
Date of Scan: November 19, 2024
Impact: Medium
Summary: A new information-stealing campaign has been discovered, involving a Python-based malware called PXA Stealer, which targets government and education sectors in Europe and Asia. Operated by a Vietnamese-speaking threat actor, PXA Stealer is designed to steal sensitive data, including online account credentials, VPN/FTP client information, financial data, browser cookies, and gaming software details. The malware can also decrypt browser master passwords to harvest stored credentials. The attacker has used advanced obfuscation techniques to evade detection and has been selling stolen credentials and tools on a Telegram channel linked to a known adversary group “CoralRaider”, though their exact affiliation remains unclear.