
Pentagon Stealer: Go and Python Malware Targeting Crypto

Published 30/04/2025 08:17 · Modified 30/04/2025 09:00


Essential information

Tags: 1312 stealer 2025-04-30 acab stealer blx stealer browser exploitation cryptocurrency data theft go pentagon stealer purecrypter python stealer vilsa stealer wallet injection
Related entities: 19 observables, 6 malware

Description

Pentagon Stealer is an evolving malware threat that exists in both Python and Golang versions. It primarily targets browser credentials, cookies, crypto wallet data, and messaging app tokens. The malware exploits browser debug modes to bypass encryption and injects into crypto wallets to steal sensitive information. Initially spread through typosquatting, it has appeared under various names like 1312, Acab, Vilsa, and BLX. The Golang version expanded its capabilities to target more browsers. Pentagon Stealer uses HTTP requests for C2 communication and is often part of larger attack chains. While relatively simple, its persistent development and integration into various campaigns make it an ongoing threat to users' financial and personal data.
