
PXA Stealer Malware Targets Financial Institutions via Phishing ZIP Files

Severity: High (Score: 64.5)

Sources: Cybersecuritynews, Gbhackers

Summary

Researchers have reported a surge in attacks using the PXA Stealer infostealer, primarily against financial institutions worldwide. The increase follows the 2025 takedowns of the Lumma, Rhadamanthys and RedLine infostealer operations, which left a gap in the malware landscape that other families are now filling. PXA Stealer is delivered as a ZIP archive attached to phishing email (MITRE ATT&CK T1566.001, Spearphishing Attachment), so organizations that handle sensitive financial data are directly exposed. The campaigns rose sharply in the first quarter of 2026, indicating a shift in tactics among cybercriminals. PXA Stealer is in active use in the wild, and financial firms are urged to strengthen their defenses against it.

Key Points:

  • PXA Stealer is increasingly targeting financial institutions via phishing ZIP attachments.
  • The rise in PXA Stealer activity follows the takedown of major infostealer families in 2025.
  • Financial organizations are advised to bolster their defenses against this threat.
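The delivery vector above, a ZIP archive attached to a phishing email, is the one point in this report a defender can act on directly at the mail gateway. The following is an added example written for this page, not code from the report, its sources, or any vendor: a stand-alone triage routine that inspects a ZIP attachment held in memory and flags the patterns that make such lures dangerous, namely executable or scripting entries, double extensions such as invoice.pdf.exe, PE magic bytes hidden under a harmless-looking extension, password-protected entries that cannot be inspected, and nested archives. The extension list, the depth limit and the sample archive are assumptions constructed for the example; nothing here is a PXA Stealer indicator.

```python
import io
import zipfile

# Extensions that commonly carry the first stage of a ZIP-delivered infostealer.
# This list is an assumption made for the example, not indicators from the report.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".jse",
    ".wsf", ".hta", ".lnk", ".msi", ".iso", ".img",
}
ARCHIVE_EXTENSIONS = {".zip"}   # only ZIP is recursed into here; rar/7z need extra libraries
PE_MAGIC = b"MZ"                # first two bytes of every Windows PE image


def _split_name(entry_name: str):
    """Return (lowercased basename, list of extension strings) for a ZIP entry."""
    base = entry_name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    exts = ["." + p for p in parts[1:]] if len(parts) > 1 else []
    return base, exts


def inspect_zip_attachment(data: bytes, depth: int = 0, max_depth: int = 2, prefix: str = "") -> list:
    """Triage a ZIP attachment held in memory; return one finding per suspicious entry.

    Each finding is {"entry": <path inside the archive>, "reasons": [<str>, ...]}.
    Checks: risky extension, double extension (invoice.pdf.exe), PE magic bytes under a
    non-executable extension, password-protected entries, and nested ZIPs (recursed).
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"entry": prefix or "<root>", "reasons": ["not a valid ZIP archive"]}]

    for info in zf.infolist():
        if info.is_dir():
            continue
        path = prefix + info.filename
        _base, exts = _split_name(info.filename)
        last = exts[-1] if exts else ""
        reasons = []

        if last in RISKY_EXTENSIONS:
            reasons.append(f"risky extension {last}")
            if len(exts) > 1:
                reasons.append("double extension " + "".join(exts))

        if info.flag_bits & 0x1:
            # Encrypted entries cannot be content-inspected without the password from the lure.
            reasons.append("password-protected entry")
        else:
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))
            if head == PE_MAGIC and last not in {".exe", ".scr", ".dll"}:
                reasons.append("PE magic bytes under non-executable extension")
            if last in ARCHIVE_EXTENSIONS:
                if depth < max_depth:
                    with zf.open(info) as fh:
                        findings.extend(inspect_zip_attachment(fh.read(), depth + 1, max_depth, path + "/"))
                else:
                    reasons.append("nested archive beyond inspection depth")

        if reasons:
            findings.append({"entry": path, "reasons": reasons})
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample for the example (not a real malware sample): a lure ZIP with three entries."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("update.js", "// constructed dropper stand-in, does nothing\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Invoice_Q1.pdf.exe", PE_MAGIC + b"\x90" * 64)   # PE header stub only, not runnable
        z.writestr("statement.pdf", b"%PDF-1.4 constructed text\n")
        z.writestr("attachments/more.zip", inner.getvalue())
    return outer.getvalue()


def verdict(findings: list) -> str:
    """Gateway decision: any finding is enough to hold the message for review."""
    return "QUARANTINE" if findings else "PASS"


if __name__ == "__main__":
    results = inspect_zip_attachment(build_sample_attachment())
    for f in results:
        print(f["entry"], "->", "; ".join(f["reasons"]))
    print("verdict:", verdict(results))
```

Run stand-alone, the script flags Invoice_Q1.pdf.exe (risky and double extension) and attachments/more.zip/update.js (risky extension inside a nested archive) and returns QUARANTINE; statement.pdf passes. The magic-byte check matters because an attacker controls the filename but not the PE header, and the password-protected branch is deliberately a finding rather than a pass: an archive the gateway cannot look inside is exactly what a lure that quotes its password in the email body is designed to produce.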

Key Entities

  • Malware (attack_type)
  • Phishing (attack_type)
  • Financial (industry)
  • Lumma (malware)
  • PXA Stealer (malware)
  • RedLine (malware)
  • Rhadamanthys (malware)
  • T1566.001 - Spearphishing Attachment (mitre_attack)