Earth Alux Hackers Use VARGEIT Malware to Target Global Organizations

A dangerous China-linked hacking group, Earth Alux, has been conducting cyber espionage attacks on major industries across Asia-Pacific and Latin America. Using advanced malware called VARGEIT, these hackers infiltrate organizations to steal sensitive data and disrupt operations.

Their targets include government agencies, technology firms, logistics companies, telecom providers, and IT services—posing a serious risk to critical industries.

  • Earth Alux Expands Operations – Initially targeting Asia-Pacific countries like Thailand, Taiwan, and Malaysia, the group has now expanded to Brazil and other Latin American nations.
  • Exploiting Server Vulnerabilities – Hackers gain access by attacking exposed servers and planting web shells like GODZILLA to drop malware.

  • VARGEIT Backdoor Malware – A highly advanced malware that allows data theft, process monitoring, and stealthy command execution.

  • MSPaint Injection Technique – Instead of leaving files on the system, hackers inject malware into mspaint.exe, making detection extremely difficult.

  • Stealthy Data Theft – The malware steals sensitive files, sends them to cloud storage, and erases traces to avoid detection.

The Earth Alux hacking group is using advanced malware techniques to conduct silent espionage operations against major organizations. Their use of VARGEIT malware and the MSPaint injection technique makes detection and prevention challenging.

To defend against such threats, businesses must strengthen cybersecurity defenses with NPAV Endpoint Security and stay vigilant against hidden malware attacks.

Protect your systems before it’s too late – Stay Secure with NPAV!