A new wave of cyberattacks using a Python-based malware called PXA Stealer is targeting users worldwide, infecting over 4,000 devices across 62 countries. Vietnamese-speaking cybercriminals are behind these attacks, stealing sensitive data like passwords, credit card details, and browser cookies. The stolen information is sold through an underground marketplace on Telegram, using advanced techniques to avoid detection, such as fake documents and complex infection methods. The malware has evolved in 2025, targeting browsers, VPNs, and apps like Discord, making it a significant threat.