THE ongoing cyber threat campaign attributed to the actor Leda Elacoate involves a trojanized software distribution operation targeting cryptocurrency users and VPN clients, notably X-VPN. The attack began in January 2026 with malicious installers for popular cryptocurrency tools, ultimately leading to the distribution of X-VPN with a hidden malicious DLL (CRYPTBASE.dll) that allows the loader of STX RAT, a remote access trojan.
This malware can steal sensitive information and maintain remote control of infected machines. X-VPN acknowledged the issue and released an updated version to patch the exploited vulnerability. Users are advised to update their software and avoid unofficial installers.