
ANY.RUN Exposes Pentagon Stealer: Crypto and Data Theft Malware Targeting Businesses

DUBAI, DUBAI, UNITED ARAB EMIRATES, April 29, 2025 /EINPresswire.com/ -- ANY.RUN, a premier provider of interactive malware analysis and threat intelligence solutions, has published a comprehensive report by its analyst team exposing Pentagon Stealer, an evolving malware that poses a critical threat to organizations worldwide.

Pentagon Stealer: Key Threats

Pentagon Stealer, in Python and Golang variants, steals sensitive data with advanced techniques:

· Data Theft: Extracts browser credentials, cookies, Atomic/Exodus wallet data, Discord/Telegram tokens, and files from Chromium- and Gecko-based browsers (Firefox, Zen, Waterfox).

· Multiple Versions: The malware is used extensively under different names: 1312, Acab, Vilsa, and BLX stealer.

· Crypto Wallet Injection: Replaces app.asar files in Atomic/Exodus wallets to steal mnemonics/passwords.

· Debug Mode: Launches Chromium browsers in debug mode to bypass DPAPI encryption, stealing unencrypted cookies.

· C2 Communication: Uses HTTP with pentagon[.]cy/stealer[.]cy servers; BLX uploads to gofile.io, sending links to C2.

Its evolution and integration into attack chains with droppers/miners amplify its risk.

Read the analysis on ANY.RUN’s blog.

How ANY.RUN Helps Businesses Counter Pentagon Stealer Attacks

ANY.RUN’s Interactive Sandbox lets companies and SOC teams detect and analyze Pentagon Stealer attacks.

Businesses can leverage its real-time insights to extract Indicators of Compromise (IOCs), monitor C2 communications, and trace infection chains, enabling fast detection and mitigation.

About ANY.RUN

ANY.RUN is a trusted partner for over 15,000 organizations in finance, healthcare, retail, technology, and beyond, delivering advanced malware analysis and threat intelligence products. Its cloud-based Interactive Sandbox, Threat Intelligence Lookup, and TI Feeds enable businesses to detect, analyze, and investigate the latest malware and phishing campaigns to streamline triage, response, and proactive security.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050