Thanh Hoa student creates malware to infiltrate over 94,000 computers worldwide

A 12th-grade student is accused of programming malware and selling it to a cybercrime group, which then infiltrated over 94,000 computers to seize control and steal data.

On March 25th, Thanh Hoa Provincial Police announced the indictment of 12 defendants for "Producing, buying, selling, exchanging or gifting tools, computers, software for illegal purposes" (Article 285 of the Penal Code) and "Illegally accessing computer networks, telecommunication networks or electronic devices of others" (Article 289 of the Penal Code).

Among those indicted is Nguyen, a 12th-grade student residing in Hac Thanh ward.

Police search the residence of student Nguyen. Photo: Lam Son

According to the investigation, in 2024, while in 11th grade, Nguyen independently programmed malware capable of stealing data from computers and bypassing basic operating system protections. The student utilized Python and C++ to develop the malicious code, which could collect login cookies, browser-saved passwords, autofill data, and other personal information.

In July 2024, Nguyen connected with Le Thanh Cong, 28, from Ha Tinh, via social media. Cong proposed that Nguyen develop malware for distribution and user data collection. Nguyen agreed, leading to stolen data being automatically sent to a Telegram bot system managed by the group.

Through Cong, Nguyen subsequently met Phan Xuan Anh, 21, residing in Nghe An. The two agreed to develop a new malware strain named "PXA Stealers", designed to steal information and take control of victim computers. Under their agreement, Nguyen was to receive 15% of the profits generated from data exploitation and sales.

To enhance control capabilities, the group also acquired remote control software source code and integrated it into their malware program. When users opened a file containing the malware, the system would automatically install itself, granting the perpetrators remote access and control over the infected computer.

By November 2024, Nguyen was introduced to another individual to program malware called "Adonis" for 500 USD. Additionally, Nguyen received an extra 50 to 100 USDT for each instance of profit generated from data exploitation.

Suspect Phan Xuan Anh arrested. Photo: Lam Son

Investigators stated that to widely distribute the malware, the group employed mass email software, targeting users in various countries. The attached files were disguised as common documents, such as PDF files or text documents, to deceive victims. Upon downloading and opening these files, the malware would immediately activate and infiltrate the system.

Authorities initially identified over 94,000 computers across multiple countries in Europe, America, and Asia that had been infected by the malware distributed by this group.

Beyond stealing personal data, the network also seized control of social media accounts with large follower bases to run advertisements, sell products, or transfer them to third parties for illicit gains. Investigators determined that this network illegally profited tens of billions of VND from programming and modifying malware.

Thanh Hoa Provincial Police are expanding the investigation to clarify the roles of each individual involved.

Le Hoang

By VnExpress: https://vnexpress.net/nam-sinh-o-thanh-hoa-viet-ma-doc-xam-nhap-hon-94-000-may-tinh-tren-the-gioi-5054438.html