Police bust student-led global malware ring infecting 94,000 PCs
VOV.VN - Police in Vietnam's Thanh Hoa province have dismantled a global malware distribution network led by a 12th-grade student, which infiltrated more than 94,000 computers across multiple countries to steal sensitive data and take control of social media accounts for illegal profit.
According to investigators, the student, identified as N.V.X., residing in Hac Thanh ward, began learning programming languages such as Python and C++ in 2023. Initially experimenting with basic software, the student later developed malicious code capable of extracting data stored in users’ web browsers and bypassing standard security protections.
By 2024, he had completed a malware toolkit designed to steal sensitive information from infected devices. The operation expanded after N.V.X. connected with accomplices via Telegram. One of them, Le Thanh Cong, 28, reportedly commissioned the student to develop malware for data theft. The stolen data was automatically transmitted to Telegram bot systems managed by the group.
The stolen data was sent to Telegram channels such as “STC New Logs”, “STC Notification” and “STC Reset Logs”, where the suspects monitored, downloaded and sorted the information for further exploitation.
After their cooperation proved ineffective, Cong introduced X. to Phan Xuan Anh, a 20-year-old from Nghe An Province who used the Telegram account “Mr Bean”. Anh commissioned a new malware programme called “PXA Stealers”, designed to steal data and gain administrative control over victims’ computers. The pair agreed that X. would receive 15% of the profits generated from exploiting the stolen data.
The group operated under a structured model, with X. handling coding and updates, while other members focused on distributing malware and monetizing the stolen information. The malware was continuously refined to evade detection by security systems.
The network later expanded further when another individual, using the Telegram alias “Adonis,” commissioned a separate malware product with similar capabilities for US$500, along with profit-sharing arrangements.
Authorities said that from August 2024 until the arrests, the group released multiple versions of malware, infecting more than 94,000 computers worldwide, primarily in Europe, the Americas, and parts of Asia.
The stolen data was mainly used to hijack social media accounts, particularly Facebook accounts with advertising capabilities. These accounts were then used for online sales schemes or sold to third parties for illicit gains.
Initial estimates suggest that the group earned tens of billions of Vietnamese dong (millions of US dollars) through these illegal activities.
Thanh Hoa police have launched criminal proceedings against 12 suspects on charges including producing and distributing malicious software for illegal purposes and illegally accessing computer and telecommunications networks.