Organizations in the government and education sectors across Asia and Europe have been targeted by Vietnamese hackers in attacks involving the new PXA Stealer malware, which sought to exfiltrate financial details, online credentials, and other sensitive data, The Hacker News reports.
Attackers delivered phishing emails carrying a ZIP attachment that contained an executable Rust-based loader. The loader launches Windows batch scripts that open lure documents and disable antivirus software before the Python-based information stealer is deployed, an analysis from Cisco Talos showed. "PXA Stealer has the capability to decrypt the victim's browser master password and uses it to steal the stored credentials of various online accounts," said researchers, who added that PXA Stealer primarily targets Facebook cookies so that the attackers can authenticate to the victim's session and go on to compromise account and ad-related data. The campaign has been attributed to Vietnamese threat actors based on Vietnamese-language comments found in PXA Stealer's code and a reference in the malware to the Lone None Telegram account, which displays the Vietnamese national flag.
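The infection chain above (an executable run from an opened ZIP attachment, which spawns batch scripts, which in turn launch a Python payload) can be used as a structural detection heuristic independent of any file hash. The script below is an added example written for this page; it is not code from the article or from Cisco Talos. It walks constructed process-creation records in the style of Sysmon Event ID 1 and flags a `python.exe` running from a user-writable temp directory whose ancestry contains both a `cmd.exe` running a `.bat` script and an executable launched from an archive-extraction temp path. All paths, PIDs, and the `ARCHIVE_TEMP_HINTS` strings are assumptions for illustration; the batch scripts' antivirus tampering is not modelled.

```python
"""Structural detection for an archive-dropped loader -> batch script -> Python payload chain.

The event records are CONSTRUCTED to resemble Sysmon Event ID 1 (process creation);
they are not real telemetry, and every path and PID here is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full path of the created process
    cmdline: str   # command line as logged

# Assumed path fragments produced when a Windows archive viewer extracts an
# attachment to a temp folder before the user runs it. Tune to your environment.
ARCHIVE_TEMP_HINTS = ("\\temp\\temp1_", ".zip\\")
USER_TEMP = "\\appdata\\local\\temp\\"
SCRIPT_EXT = re.compile(r"\.(bat|cmd)\b")

def from_archive_temp(path: str) -> bool:
    """True if an executable image sits in an archive-extraction temp directory."""
    p = path.lower()
    return USER_TEMP in p and any(h in p for h in ARCHIVE_TEMP_HINTS)

def runs_batch_script(ev: ProcEvent) -> bool:
    """True for cmd.exe launched to run a .bat or .cmd script."""
    return ev.image.lower().endswith("\\cmd.exe") and SCRIPT_EXT.search(ev.cmdline.lower()) is not None

def is_unusual_python(ev: ProcEvent) -> bool:
    """python.exe running from a user-writable temp location rather than an install directory.
    (Assumes a bundled interpreter is dropped with the payload.)"""
    p = ev.image.lower()
    return p.endswith("\\python.exe") and USER_TEMP in p

def ancestors(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Parent chain of ev, nearest first; guards against PID-reuse cycles."""
    chain: List[ProcEvent] = []
    seen = set()
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    return chain

def detect_stealer_chain(events: List[ProcEvent]) -> List[dict]:
    """Return one finding per suspicious python.exe whose ancestry matches the chain."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if not is_unusual_python(ev):
            continue
        anc = ancestors(ev, by_pid)
        batch = next((a for a in anc if runs_batch_script(a)), None)
        loader = next((a for a in anc if from_archive_temp(a.image)), None)
        if batch is not None and loader is not None:
            hits.append({
                "python_pid": ev.pid,
                "batch_pid": batch.pid,
                "loader_pid": loader.pid,
                "loader_image": loader.image,
            })
    return hits

# Constructed sample: a user opens "invoice.zip" from the archive viewer and runs
# the executable inside; a benign developer Python session is included as a control.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Users\u\AppData\Local\Temp\Temp1_invoice.zip\invoice.exe", "invoice.exe"),
    ProcEvent(300, 200, r"C:\Windows\System32\cmd.exe", r"cmd.exe /c C:\Users\u\AppData\Local\Temp\s1.bat"),
    ProcEvent(301, 200, r"C:\Windows\System32\cmd.exe", r"cmd.exe /c C:\Users\u\AppData\Local\Temp\s2.bat"),
    ProcEvent(500, 301, r"C:\Users\u\AppData\Local\Temp\py\python.exe", r"python.exe C:\Users\u\AppData\Local\Temp\py\main.py"),
    ProcEvent(600, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe"),            # benign control
    ProcEvent(700, 600, r"C:\Python312\python.exe", "python.exe app.py"),     # benign control
]

if __name__ == "__main__":
    for hit in detect_stealer_chain(SAMPLE_EVENTS):
        print("suspicious chain:", hit)
```

Run against the constructed sample, the script reports one chain (python PID 500, batch PID 301, loader PID 200) and ignores the developer's Python launched from a normal install path. In production the same logic would be fed from an EDR or Sysmon pipeline, and the temp-path hints would be widened to whichever archive tools and extraction directories are in use.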