Python-powered malware grabs 200K passwords, credit cards
Briefly

The ongoing cybercrime campaign has affected over 4,000 victims in 62 countries, with South Korea, the US, and several European nations especially targeted. The attackers use the Python-based PXA Stealer, which emerged in late 2024 and has since evolved into an intricate attack method. They have stolen substantial amounts of data, including passwords and credit card information, and sell it on Telegram-based marketplaces. The campaign relies on novel evasion and delivery techniques, such as using legitimate software to hide malicious content.
"Initially surfacing in late 2024, this threat has since matured into a highly evasive, multi-stage operation driven by Vietnamese-speaking actors with obvious ties to organized cybercriminal Telegram-based marketplaces that sell stolen victim data."
"Data thieves have pilfered more than 200,000 unique passwords, hundreds of credit card records, and more than 4 million harvested browser cookies. All this information is then sold on stolen-data marketplaces, giving crooks easy access to victims' bank accounts and other personal data."
Read at The Register