Vietnamese teen accused of creating malware that infected 94,000 computers worldwide

The provincial police announced Wednesday the indictment of 12 suspects in connection with the cybercrime ring for “producing, trading, exchanging or distributing tools, software or computer systems for illegal purposes” and “illegally accessing computer networks, telecommunications networks or electronic devices.”

Among those charged is a high school boy from Hac Thanh Ward.

Police search the residence in Thanh Hoa Province of a 12th grader accused of creating malware. Photo by Read/Lam Son

According to authorities, he began developing the malicious source code in 2024 while he was still in 11th grade.

Working independently using Python and C++, he created malware capable of bypassing basic operating system defenses to extract login cookies, saved browser passwords, autofill data, and other sensitive personal information.

Then, in July 2024, he connected via social media with Le Thanh Cong, 28, of the central Ha Tinh Province, who commissioned the boy to develop malware tailored for large-scale distribution and data harvesting.

Once the malware was deployed, the stolen data was automatically routed to Telegram bot systems managed by the crime ring.

Cong later introduced the student to Phan Xuan Anh, 21, of nearby Nghe An Province.

Suspect Phan Xuan Anh (C) is arrested in a malware production scheme. Photo by Read/Lam Son

Together, the two developed a sophisticated new malware strain dubbed “PXA Stealers” that was designed not only to steal information but to grant full remote control over victims’ computers.

The teenager reportedly got a 15% share of the profits generated from selling the stolen data.

To solidify its control, the gang purchased and integrated remote-access source code into the malware, allowing the program to install automatically the moment a victim opened an infected file and granting operators immediate remote access to the compromised machine.

In November 2024 the student was contracted by another person to develop a malware variant named “Adonis” for a flat fee of $500.

He also reportedly earned $50-100 each time this gang generated a profit from the data stolen using this specific virus.

The gang spread the malware on a massive scale by sending spam emails to users in multiple countries, cleverly disguising the malicious files as standard PDFs or text documents.

Once a file was opened, the malware activated instantly and infiltrated the system.

Authorities have so far identified more than 94,000 infected computers across Europe, the Americas and Asia.

Beyond harvesting personal data, the network also hijacked social media accounts with massive followings and used the compromised accounts to run illicit advertisements, sell goods or transfer ownership to third parties for a profit.

Investigators estimate the gang amassed tens of billions of Vietnamese dong by developing and modifying the malware. (VND10 billion = US$380,000)
