- A new Linux malware variant offers advanced features and evasion mechanisms
- It has already infected thousands of devices all over the world
- Passwords, credit card info and more at risk
A brand new Linux malware that has infected thousands of computers around the world has been found stealing people's login information, payment information and browser cookies, security researchers warn.
SentinelLabs and Beazley Security issued a joint report describing the activities of PXA Stealer, a new Python-based infostealer for the Linux platform.
It was only discovered at the end of 2024 and has since grown into a formidable threat, evading defensive tools while causing destruction across the globe.
Sideloading
Since its inception, PXA Stealer has gone through several iterations, with the latest stealing information from approximately 40 browsers: saved passwords, cookies, personally identifiable information (PII), autofill data, authentication data and more.
It can target browser extensions for various crypto wallets, including Exodus, Magic Eden, Crypto.com and many others, and can pull data from sites such as Coinbase, Kraken and PayPal. Finally, it can inject a DLL into running browser instances to bypass encryption mechanisms.
PXA Stealer is apparently distributed through phishing emails and malicious landing pages. The malicious attachments contain a legitimate program (such as a PDF reader) and a weaponized DLL. The program sideloads the DLL, which deploys the malware without raising alarms.
More than 4,000 computers in 62 countries were infected with PXA Stealer, the two companies said, suggesting that the campaign is pretty successful.
However, the attackers, who appear to be of Vietnamese origin, are not interested in using the stolen data themselves, and instead sell it on the black market, in a Telegram group.
The majority of the victims are located in South Korea, the USA, the Netherlands, Hungary and Austria.
“Originally surfacing at the end of 2024, this threat has since matured into a very evasive, multi-stage operation driven by Vietnamese-speaking actors with apparent ties to an organized cybercriminal Telegram-based marketplace selling stolen victim data,” the researchers explained. So far, more than 200,000 passwords have been stolen, along with hundreds of credit card records and more than four million cookies.
Via The Register



