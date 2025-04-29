DUBAI, DUBAI, UNITED ARAB EMIRATES, April 29, 2025 /EINPresswire.com/ -- ANY.RUN, a premier provider of interactive malware analysis and threat intelligence solutions, has published a comprehensive report by its analyst team exposing Pentagon Stealer, an evolving malware that poses a critical threat to organizations worldwide.

𝐏𝐞𝐧𝐭𝐚𝐠𝐨𝐧 𝐒𝐭𝐞𝐚𝐥𝐞𝐫: 𝐊𝐞𝐲 𝐓𝐡𝐫𝐞𝐚𝐭𝐬

Pentagon Stealer, in Python and Golang variants, steals sensitive data with advanced techniques:

· 𝗗𝗮𝘁𝗮 𝗧𝗵𝗲𝗳𝘁: Extracts browser credentials, cookies, Atomic/Exodus wallet data, Discord/Telegram tokens, and files from Chromium- and Gecko-based browsers (Firefox, Zen, Waterfox).

· 𝗠𝘂𝗹𝘁𝗶𝗽𝗹𝗲 𝗩𝗲𝗿𝘀𝗶𝗼𝗻𝘀: The malware is extensively utilized under different names 1312, Acab, Vilsa, and BLX stealer.

· 𝗖𝗿𝘆𝗽𝘁𝗼 𝗪𝗮𝗹𝗹𝗲𝘁 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻: Replaces app.asar files in Atomic/Exodus wallets to steal mnemonics/passwords.

· 𝗗𝗲𝗯𝘂𝗴 𝗠𝗼𝗱𝗲: Launches Chromium browsers in debug mode to bypass DPAPI encryption, stealing unencrypted cookies.

· 𝗖𝟮 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻: Uses HTTP with pentagon[.]cy/stealer[.]cy servers; BLX uploads to gofile.io, sending links to C2.

Its evolution and integration into attack chains with droppers/miners amplify its risk.

Read the analysis on ANY.RUN’s blog.

𝐇𝐨𝐰 𝐀𝐍𝐘.𝐑𝐔𝐍 𝐇𝐞𝐥𝐩𝐬 𝐁𝐮𝐬𝐢𝐧𝐞𝐬𝐬𝐞𝐬 𝐂𝐨𝐮𝐧𝐭𝐞𝐫 𝐏𝐞𝐧𝐭𝐚𝐠𝐨𝐧 𝐒𝐭𝐞𝐚𝐥𝐞𝐫 𝐀𝐭𝐭𝐚𝐜𝐤𝐬

ANY.RUN’s Interactive Sandbox provides companies and SOC teams with the ability to detect and analyze Pentagon Stealer attacks.

Businesses can leverage its real-time insights to extract Indicators of Compromise (IOCs), monitor C2 communications, and trace infection chains, enabling fast detection and mitigation.

𝐀𝐛𝐨𝐮𝐭 𝐀𝐍𝐘.𝐑𝐔𝐍

ANY.RUN is a trusted partner for over 15,000 organizations in finance, healthcare, retail, technology, and beyond, delivering advanced malware analysis and threat intelligence products. Its cloud-based Interactive Sandbox, Threat Intelligence Lookup, and TI Feeds enable businesses to detect, analyze, and investigate the latest malware and phishing campaigns to streamline triage, response, and proactive security.

