Python - Cybersec Sentinel

Python

A collection of 3 posts

PXA Stealer Malware Uses Trusted Cloud Services to Exfiltrate Government and Education Credentials

PXA Stealer Malware Uses Trusted Cloud Services to Exfiltrate Government and Education Credentials

Threat Group: Vietnamese-speaking cybercrime actors (possible overlap with CoralRaider) Threat Type: Python-based Information Stealer (Infostealer) Exploited Vulnerabilities: DLL sideloading, phishing ZIP archives, abuse of legitimate cloud services (Cloudflare Workers, Dropbox) Malware Used: PXA Stealer Threat Score: 🔥 Critical (9.0/10) – Due to advanced evasion, large-scale credential theft, and abuse of

InvisibleFerret Malware Leveraging Python for Targeted Attacks

InvisibleFerret Malware Leveraging Python for Targeted Attacks

Threat Group: North Korean Threat Actors (e.g., Lazarus Group) Threat Type: Backdoor Malware Exploited Vulnerabilities: None (Relies on social engineering and malicious delivery) Malware Used: InvisibleFerret (Python-based backdoor), BeaverTail (JavaScript-based stealer and loader) Threat Score: High (8.8/10) – High impact due to complex multi-stage infection and data exfiltration

Vietnamese Hackers Use Python Based PXA Stealer for Sensitive Data Theft

Vietnamese Hackers Use Python Based PXA Stealer for Sensitive Data Theft

Threat Group: Vietnamese-speaking threat actors (linked to CoralRaider and Lone None) Threat Type: Information Stealer Exploited Vulnerabilities: Targets sensitive data including credentials, VPNs, FTP clients, browser cookies, and gaming platforms Malware Used: PXA Stealer Threat Score: High (9.0/10) — Comprehensive data theft capabilities and strong targeting focus on government