securityonline.info
2600:1f10:4c55:e23d:5d5b:8bb5:8ae2:1fff
Public Scan
URL:
https://securityonline.info/pxa-stealer-new-malware-targets-governments-and-education-across-europe-and-asia/
Submission: On November 20 via api from IN — Scanned from US
Form analysis
3 forms found in the DOM: two WordPress search forms (action https://securityonline.info/, query field name "s") and one Google Custom Search box (class gsc-search-box).
Text Content
PXA Stealer: New Malware Targets Governments and Education Across Europe and Asia
by do son · November 17, 2024

[Figure: Infection Chain | Image: Cisco Talos]

Cisco Talos recently identified a sophisticated cyber campaign targeting sensitive information in government and educational sectors across Europe and Asia. Operated by a Vietnamese-speaking threat actor, the campaign leverages a new information-stealing malware named “PXA Stealer.” Cisco’s report reveals that PXA Stealer is designed to infiltrate victims’ systems and siphon a range of critical data, including credentials, financial information, and other sensitive details from web browsers and applications.

The Talos report highlights, “PXA Stealer has the capability to decrypt the victim’s browser master password and uses it to steal the stored credentials of various online accounts.” Recovering the master password lets the malware read browser data that would otherwise remain encrypted, so attackers can harvest usernames, passwords, cookies, and even autofill information.

Targeted entities in this campaign include educational institutions in India and government organizations in European nations such as Sweden and Denmark. According to Talos, “the attacker’s motive is to steal the victim’s information, including credentials for various online accounts, browser login data, cookies, autofill information, credit card details, data from various cryptocurrency online and desktop wallets, data from installed VPN clients, gaming software accounts, chat messengers, password managers, and FTP clients.”

The infrastructure supporting PXA Stealer includes domains like tvdseo[.]com, which Talos suspects is either compromised or used with legitimate access to host malicious payloads.

The threat actor uses Telegram bots for data exfiltration, concealing and coordinating the transfer of stolen data. Talos experts found, “the attacker’s Telegram account has biography data that includes a link to a private antivirus checker website that allows users or buyers to assess the detection rate of a malware program,” indicating a calculated effort to keep PXA Stealer undetected.

Cisco Talos observed that the PXA Stealer campaign begins with a phishing email carrying a ZIP file attachment that contains a malicious loader written in Rust. Upon execution, the loader deploys multiple obfuscated batch scripts to evade detection. Talos notes, “each step in the process being crucial and requiring precise execution to achieve accurate deobfuscation,” underscoring the complexity of the malware’s delivery chain.

Beyond traditional data theft, PXA Stealer also targets specific profiles in popular browsers, extracting login data, cookies, and credit card details stored in encrypted databases. The malware further “collects the victim’s login information from the browser’s login data file,” prioritizing information associated with high-value accounts.

Tags: PXA Stealer