
Image by Christian Wiediger, from Unsplash
4,000+ Victims Targeted By Telegram-Based Infostealer Operation
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
The Python-based malware PXA Stealer enables hackers to steal data from thousands of users without being detected, and later sell it through Telegram.
In a rush? Here are the quick facts:
- Over 4,000 victims across 62 countries hit by PXA Stealer malware.
- Hackers stole 200,000+ passwords and 4 million browser cookies.
- Malware spreads via fake PDF and Word files with hidden code.
Researchers at SentinelLabs report that the Python-based PXA Stealer malware has been used in a powerful new cyberattack that has infected thousands of computers in at least 62 countries, stealing more than 200,000 passwords, credit card information, and millions of browser cookies.
The operation, which first appeared in late 2024, has grown increasingly sophisticated in 2025. It uses fake downloads, such as Haihaisoft PDF Reader or Microsoft Word 2013, to trick users into opening malicious files.
These files then install malware that steals sensitive information such as cryptocurrency wallet details, saved passwords, and browser history, and subsequently sends it to private Telegram channels via automated bots.
Researchers say “the threat actors behind these campaigns are linked to Vietnamese-speaking cybercriminal circles” that profit from selling the stolen data using Telegram’s API.
The malware, PXA Stealer, uses sophisticated methods to hide its presence. For example, it conceals its files behind fake names such as “images.png” and “Document.pdf” and employs signed programs to evade detection. Once installed, it extracts data through Telegram, which, the researchers say, enables it to remain undetected by most antivirus software.
Victims include users from South Korea, the U.S., the Netherlands, Hungary, and Austria. Telegram is used not only to send data but also to organize and manage the stolen information. One bot, called ‘Logs_Data_bot’, connects to multiple channels like ‘James – New Logs’ or ‘Adonis – Reset Logs’, which categorize the stolen data and send automated updates to hackers.
“Each bot is tied to as many as 3 Telegram channels,” said the researchers, and the data is neatly sorted and packaged for quick resale on services like Sherlock.
The investigation shows how cybercriminals are now using platforms like Telegram and Cloudflare to run operations quickly, cheaply, and at scale, turning information theft into a highly efficient business.
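For defenders, exfiltration through Telegram bots shows up as requests to the Telegram Bot API from processes that have no business talking to it. The following is an added example, not code from SentinelLabs or the article: it scans constructed proxy log lines for Bot API calls and groups them by host, process, and bot id. The log format, host names, process names, and tokens are assumptions, and it presumes a TLS-inspecting proxy that records full URLs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (assumed format):
# timestamp  client_host  process  verb  url  bytes_sent
SAMPLE_LOG = """\
2025-01-01T10:00:01Z ws-014 chrome.exe GET https://example.com/index.html 512
2025-01-01T10:00:07Z ws-014 python.exe POST https://api.telegram.org/bot1111111111:AAConstructedTokenValue_000/sendDocument 4813220
2025-01-01T10:00:09Z ws-014 python.exe POST https://api.telegram.org/bot1111111111:AAConstructedTokenValue_000/sendMessage 230
2025-01-01T10:02:30Z ws-022 alertbot.exe POST https://api.telegram.org/bot2222222222:AAConstructedTokenValue_111/sendMessage 90
"""

# Bot API URLs have the form /bot<numeric id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):[\w-]+/(?P<method>\w+)$")


def find_bot_api_egress(log_text, allowed_processes=frozenset()):
    """Group Bot API requests by (host, process, bot id), skipping approved processes."""
    groups = defaultdict(lambda: {"methods": set(), "bytes_sent": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # malformed line
        _ts, host, process, _verb, url, sent = parts
        target = urlsplit(url)
        if (target.hostname or "").lower() != "api.telegram.org":
            continue
        match = BOT_PATH.match(target.path)
        if not match or process.lower() in allowed_processes:
            continue
        # Keep only the numeric bot id for pivoting; the secret half is dropped.
        entry = groups[(host, process, match["bot_id"])]
        entry["methods"].add(match["method"])
        entry["bytes_sent"] += int(sent)
    return dict(groups)


if __name__ == "__main__":
    # alertbot.exe stands in for an approved internal integration (hypothetical).
    for key, info in find_bot_api_egress(SAMPLE_LOG, {"alertbot.exe"}).items():
        print(key, sorted(info["methods"]), info["bytes_sent"])
```
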

Image by Marco Verch, from Unsplash
Perplexity Accused Of Crawling Sites Illegally With Hidden Bots
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
Cloudflare has accused AI answer engine Perplexity of using stealth techniques to crawl websites against their wishes, raising concerns about data privacy and online trust.
In a rush? Here are the quick facts:
- Cloudflare de-listed Perplexity as a verified bot.
- Tests showed Perplexity accessed private, restricted websites.
- Undeclared bots mimic Chrome and rotate IPs to avoid detection.
In a detailed report, Cloudflare says Perplexity is “modifying their user agent and changing their source ASNs to hide their crawling activity,” even when sites explicitly blocked it via ‘robots.txt’ and firewall rules.
Cloudflare identifies this behavior as a violation of web standards, which led it to remove Perplexity from its verified bot list.
Cloudflare developed private websites with no-crawling restrictions in order to test Perplexity’s methods. The company discovered that Perplexity continued to provide complete information about those pages despite the no-crawling rules.
“This response was unexpected, as we had taken all necessary precautions to prevent this data from being retrievable by their crawlers,” Cloudflare said.
The investigation showed that Perplexity’s official bots used a fake browser identity which mimicked Google Chrome to bypass protections when they were blocked. These stealth crawlers made 3–6 million daily requests, rotating through unknown IPs and disguising their source.
In contrast, Cloudflare praised OpenAI for following good web behavior. When tested under the same conditions, “ChatGPT-User fetched the robots file and stopped crawling when it was disallowed.”
Cloudflare says they’ve updated their protection systems to detect and block Perplexity’s hidden crawlers. They’re also urging bot operators to be more transparent and follow ethical web practices.
“There are clear preferences that crawlers should be transparent, serve a clear purpose, perform a specific activity, and, most importantly, follow website directives and preferences,” Cloudflare stated.
ArsTechnica notes that Cloudflare isn’t alone in calling out Perplexity’s tactics. Reddit CEO Steve Huffman described the blocking of Perplexity, Microsoft and Anthropic as “a real pain” because they treated all online content as fair game.
Recently, the BBC also threatened legal action, accusing Perplexity of scraping its website to train its default AI model without permission.
ArsTechnica also notes that Forbes and Wired have accused Perplexity of plagiarism. Wired reported that the company bypassed robots.txt restrictions while using suspicious IP addresses and concealing its bot to evade blocking measures.
With AI companies increasingly seeking training data, the fight over who controls online content is heating up. Cloudflare’s move highlights the growing pushback from publishers and platforms seeking to protect their digital boundaries.
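A site operator can run a small version of the test described above against their own access logs. The following is an added example, not Cloudflare's tooling: it replays constructed requests for an unpublished test site against its robots.txt and classifies each client. The bot names, IP addresses, and paths are hypothetical, and a hit from a browser-like client is a lead to correlate, not proof of a crawler.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for an unpublished test site: nothing may be crawled.
ROBOTS_TXT = "User-agent: *\nDisallow: /\n"

# Constructed requests: (source_ip, user_agent, path). Bot names are hypothetical.
CHROME_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
SAMPLE_REQUESTS = [
    ("192.0.2.44", "GoodBot/2.0", "/robots.txt"),
    ("198.51.100.10", "ExampleBot/1.0", "/robots.txt"),
    ("198.51.100.10", "ExampleBot/1.0", "/notes/draft.html"),
    ("203.0.113.7", CHROME_UA, "/notes/draft.html"),
]
DECLARED_BOTS = ("goodbot", "examplebot")  # hypothetical self-identifying crawlers


def audit_requests(robots_txt, requests, declared_bots):
    """Classify each (ip, user_agent) client by how it treated robots.txt."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    verdicts = {}
    for ip, agent, path in requests:
        client = (ip, agent)
        verdicts.setdefault(client, "compliant")
        if path == "/robots.txt" or rules.can_fetch(agent, path):
            continue  # reading the rules, or fetching an allowed path
        if any(bot in agent.lower() for bot in declared_bots):
            verdicts[client] = "declared-bot-ignored-robots"
        else:
            # Browser-like client on a page no human was ever given a link to.
            verdicts[client] = "undeclared-client-on-disallowed-path"
    return verdicts


if __name__ == "__main__":
    for client, verdict in audit_requests(ROBOTS_TXT, SAMPLE_REQUESTS, DECLARED_BOTS).items():
        print(client[0], verdict)
```
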