Pentagon Stealer: Go and Python Malware Targeting Crypto

SUMMARY :

Pentagon Stealer is an evolving malware threat that exists in both Python and Golang versions. It primarily targets browser credentials, cookies, crypto wallet data, and messaging app tokens. The malware exploits browser debug modes to bypass encryption and injects into crypto wallets to steal sensitive information. Initially spread through typosquatting, it has appeared under various names like 1312, Acab, Vilsa, and BLX stealer. The Golang version expanded its capabilities to target more browsers. Pentagon Stealer uses HTTP requests for C2 communication and is often part of larger attack chains. While relatively simple, its persistent development and integration into various campaigns make it an ongoing threat to users' financial and personal data.

OPENCTI LABELS :

stealer,cryptocurrency,purecrypter,python,data theft,go,blx stealer,vilsa stealer,wallet injection,1312 stealer,browser exploitation,pentagon stealer,acab stealer


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Pentagon Stealer: Go and Python Malware Targeting Crypto