- A new variant of Linux malware offers advanced characteristics and evasion mechanisms
- It has already infected thousands of devices worldwide
- Passwords, credit card information and more, at risk
A new Linux malware has infected thousands of computers worldwide, stealing people's login credentials, payment information and browser cookies, security researchers are warning.
SentinelLabs and Beazley Security issued a joint report detailing the activities of PXA Stealer, a new Python-based infostealer for the Linux platform.
It was first seen at the end of 2024, and since then it has become a formidable threat, successfully evading defense tools while wreaking havoc throughout the world.
Sideloading
Since its inception, PXA Stealer has gone through multiple iterations, with the latest stealing information from approximately 40 browsers: saved passwords, cookies, personally identifiable information (PII), autofill data, authentication tokens and more.
It can target browser extensions for several cryptocurrency wallets, including Exodus, Magic Eden, Crypto.com and many others, and can extract data from sites such as Coinbase, Kraken and PayPal. Finally, it can inject a DLL into running browser instances to bypass encryption mechanisms.
Apparently, PXA Stealer is being distributed through phishing emails and malicious landing pages. The malicious attachments contain a legitimate program (such as a PDF reader) and a weaponized DLL. The program sideloads the DLL, successfully deploying the malware without raising any alarms.
More than 4,000 computers in 62 countries were infected with PXA Stealer, the two companies said, suggesting that the campaign is quite successful.
However, the attackers, who seem to be of Vietnamese origin, are not interested in using the stolen data themselves and instead sell it on the black market, in a Telegram group.
Most victims are in South Korea, the United States, the Netherlands, Hungary and Austria.
“Initially emerging at the end of 2024, this threat has matured into a highly evasive, multi-stage operation driven by Vietnamese-speaking actors with apparent links to an organized cybercriminal Telegram-based market that sells stolen victim data,” explained the researchers. So far, more than 200,000 passwords have been stolen, as well as hundreds of credit card records and more than four million cookies.
Via The Register