High Schooler Accused of Engineering Global Cybercrime Ring
A 12th-grade student in Thanh Hoa Province, Vietnam, is at the center of a significant cybercrime investigation, accused of developing and selling malicious software that allegedly compromised over 94,000 computers worldwide. The provincial police have officially indicted 12 individuals in connection with this extensive cybercrime operation. The charges levied against them include “producing, trading, exchanging or distributing tools, software or computer systems for illegal purposes” and “illegally accessing computer networks, telecommunications networks or electronic devices.”
Among the indicted suspects is a male high school student from Hac Thanh Ward, whose alleged involvement began while he was still in 11th grade.
Police search the residence in Thanh Hoa Province of a12th grader accused of creating a malware. Photo by VnExpress/Lam Son
Authorities report that the student commenced the development of the malicious source code in early 2024. Operating independently, he utilized programming languages such as Python and C++ to construct malware designed to circumvent basic security measures embedded in operating systems. The primary function of this malware was to illicitly extract sensitive personal information, including login cookies, saved browser passwords, and autofill data.
In July 2024, the student established contact via social media with Le Thanh Cong, a 28-year-old individual residing in the central Ha Tinh Province. Cong subsequently commissioned the student to develop a more advanced malware variant specifically engineered for large-scale distribution and extensive data harvesting. Following its deployment, the stolen data was automatically transmitted to Telegram bot systems that were under the control of the cybercrime syndicate. Cong later facilitated an introduction between the student and Phan Xuan Anh, a 21-year-old from the neighboring Nghe An Province.
Suspect Phan Xuan Anh (C) is arrested in a malware production scheme. Photo by VnExpress/Lam Son
The collaboration between the student and Xuan Anh resulted in the creation of a sophisticated new malware strain, ominously dubbed “PXA Stealers.” This advanced malware was not only capable of stealing user information but also provided operators with complete remote control over the infected computers. Reports indicate that the teenage programmer received a 15% share of the profits generated from the sale of the data pilfered by this malicious software.
To enhance their operational capabilities and maintain persistent control, the syndicate integrated remote-access source code into the malware. This integration ensured that the program would automatically install itself the moment a victim opened an infected file, granting the operators immediate remote access to the compromised machine.
Further expanding their arsenal, in November 2024, the student was contracted by another party to develop a distinct malware variant known as “Adonis.” This particular development was reportedly undertaken for a fixed fee of $500. In addition to this upfront payment, the student also allegedly earned between $50 and $100 for each instance where the gang profited from data stolen using the “Adonis” virus.
Global Reach and Devastating Impact
The syndicate implemented a broad distribution strategy for their malware, primarily through mass spam email campaigns targeting users across numerous countries. These emails were meticulously crafted to disguise the malicious attachments as legitimate PDF or text documents, thereby increasing the likelihood of victims opening them. Upon execution, the malware would activate instantaneously, infiltrating the targeted system and initiating its data extraction and control protocols.
The scale of this operation is staggering, with authorities having identified more than 94,000 infected computers spanning Europe, the Americas, and Asia. The impact extended beyond the mere theft of personal data. The network also actively hijacked social media accounts with substantial follower counts. These compromised accounts were then exploited for various illicit purposes, including the promotion of illegal advertisements, the sale of goods, and the fraudulent transfer of account ownership to third parties for financial gain.
Investigators estimate that the cybercrime syndicate amassed significant financial gains, potentially in the tens of billions of Vietnamese dong, through the continuous development and modification of their malware. To put this into perspective, 10 billion Vietnamese dong is equivalent to approximately US$380,000, indicating a substantial illicit revenue stream. The case highlights the evolving sophistication of cyber threats and the critical role that young individuals, even those still in their formative educational years, can play in enabling large-scale criminal enterprises.
