ZingoStealer: New Malware Making Way on the Threat Landscape
ZingoStealer Has the Capacity to Propagate Crypto-Mining Malware.
A new info-stealer is making way on the cyber threat landscape as Haskers Gang has just added to their arsenal ZingoStealer.
More Details on ZingoStealer
The malware, as mentioned above, named ZingoStealer, is being distributed for free to Haskers Gang Telegram channel members, according to Cisco Talos researchers, who published a report on this topic.
It seems that account credentials, Chrome and Firefox browser data, and Discord tokens, among other datasets, can be harvested by the new ZingoStealer information stealer. Furthermore, the malware will attempt to steal cryptocurrency wallet credentials stored by browser extensions from BitApp, Coinbase, Binance, and Brave, among others.
As the experts further explain, ZingoStealer can also be combined with other malware strains, such as RedLine Stealer.
RedLine Stealer has standard stealer features as well as the ability to harvest VPN account passwords and login information from suppliers such as NordVPN, OpenVPN, and ProtonVPN. Fortinet discovered the virus in a phishing attempt that took advantage of the COVID-19 pandemic in January.
Additionally, ZingoStealer can be used to install a bitcoin miner on affected computers. Cybercriminals may silently execute a cryptocurrency miner in assaults that steal computer resources to mine for coins, and these virtual assets are transmitted to wallets controlled by threat actors, a practice is known as cryptojacking.
A bespoke version of XMRig, a Monero (XMR) miner, is used in this scenario. This miner is known among the hackers as “ZingoMiner.”
Haskers Gang: Members and MO
The Haskers Gang, which has been active since at least 2020, is a ‘community’ made up of a few founding members, most of whom are likely from Eastern Europe, and thousands of casual members.
Haskers Gang uses Telegram and Discord to convey ‘community’ updates, tools, and its most recent operations. The Telegram group has just under 4,000 members who exchange cracking, crypting, security bypassing, and hacking software information. Telegram is also used to manage malicious executables and data packages that have been exfiltrated.
Who Are the Hackers’ Targets?
According to the experts, the threat actors use cheat codes and unlicensed software to target gamers, with a preference for Russian-speaking victims.
While this stealer is freely available and can be used by multiple threat actors, we have observed a focus on infecting Russian speaking victims under the guise of game cheats, key generators and pirated software, which likely indicates a current focus on home users. The threat actor “Haskers Gang” uses collaborative platforms such as Telegram and Discord to distribute updates, share tooling and otherwise coordinate activities.
ZingoStealer was released for the first time in March of this year. Despite the fact that it is a novel type of malware, its code has already undergone substantial development, and numerous variants have been discovered out there.
While the threat group has issued a free version of ZingoStealer, it is also aiming to profit from a subscription version, sometimes known as malware-as-a-service (MaaS), which costs around 300 roubles ($3). ExoCrypt, a crypter, is also included in this variant. Given that the stealer is provided for free, it’s feasible that multiple threat groups will adopt it in the future, according to ZDNet.