New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data

CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn how this malware uses phishing and Telegram to steal passwords and crypto.

Financial firms across the globe are facing a fresh wave of digital break-ins this year. According to cyber threat detection firm CyberProof, a relatively new malware known as the PXA Stealer has seen a sudden spike in activity.

During the first quarter of 2026, experts tracked an 8% to 10% increase in attacks using this specific tool. However, this spike isn’t a coincidence because it follows the high-profile police takedowns of older infostealers like RedLine and Lumma in 2025.

This indicates that PXA has stepped in to take their place. In a report shared with Hackread.com, CyberProof threat intelligence experts noted that these new campaigns are becoming increasingly adaptable, switching between different disguises to trick employees.

How the ...