ZingoStealer is an information-stealing malware with a potent feature set: it exfiltrates data from infected hosts, loads additional payloads, and can mine Monero cryptocurrency.
What is ZingoStealer?
ZingoStealer was developed by the Haskers Gang, which offered the malware in two paid tiers:
- For 300 rubles, buyers received a build with built-in crypter obfuscation (via ExoCrypt), which improves evasion of antivirus detection.
- For $500, buyers could obtain the complete source code. The paid builds were precompiled, and both offerings were delivered through the group's Telegram channels.
- The latest version was then made available for free to members of the Telegram group, and the volume of samples seen in the wild rose after that release.
Cisco Talos found that ZingoStealer has since been handed over to another threat actor, who is now working to improve and further develop the malware.
ZingoStealer was first observed in the cybercrime community in March, when Russian-language channels advertised it as a potent info-stealer delivered as a .NET executable.
- It performs a geolocation check and avoids infecting hosts in CIS countries, a common trait of malware operated by Russian-speaking actors. It also retrieves a list of URLs from which it downloads and executes additional payloads.
- ZingoStealer has frequently been used to deliver additional malware such as RedLine Stealer and ZingoMiner (an XMRig-based cryptocurrency miner).
- So far, ZingoStealer has been distributed disguised as software cracks and video game cheats and modifications promoted on YouTube.
ZingoStealer targets several browsers and cryptocurrency wallets, including Chrome, Opera, TronLink, Zcash, Bitcoin, Armory, BitApp, and Nifty Wallet. It also collects system information such as the host's IP address, computer name, and OS version.
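The targeting described above suggests a hunting heuristic for defenders: a single process that reads several distinct browser credential stores and wallet directories within a short window is behaving like a stealer, regardless of which binary it is. The following Python is an added example written for this page, not code from the article, from Cisco Talos, or from the malware itself. The file paths are the usual Windows locations for these products and are assumed for illustration; the browser-extension wallets (TronLink, Nifty Wallet, BitApp) are covered by matching Chrome's extension-storage folder rather than hard-coding extension IDs. The input events are constructed Sysmon-style file-access records.

```python
"""Flag processes that touch many stealer targets in a short window.

Added example (hypothetical heuristic, not the article's or Talos' code).
Input is a list of constructed file-read events; output is the set of
target categories read by each process that exceeds the threshold.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumed locations of the credential stores and wallets named in the text.
# Paths are the products' usual Windows locations, listed here for illustration.
TARGET_PATTERNS: Dict[str, str] = {
    "chrome_logins": r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$",
    "opera_logins": r"\\Opera Software\\Opera Stable\\Login Data$",
    # Extension wallets (TronLink, Nifty, BitApp) store data under this folder,
    # keyed by extension ID; matching the folder avoids hard-coding IDs.
    "chrome_extension_wallet": r"\\Chrome\\User Data\\[^\\]+\\Local Extension Settings\\",
    "bitcoin_core": r"\\Bitcoin\\wallet\.dat$",
    "armory": r"\\Armory\\",
    "zcash": r"\\Zcash\\",
}
TARGET_RE = {name: re.compile(p, re.IGNORECASE) for name, p in TARGET_PATTERNS.items()}


@dataclass(frozen=True)
class FileEvent:
    ts: int      # seconds since epoch
    pid: int
    image: str   # process image name (informational only)
    path: str    # file path opened for read


def classify(path: str) -> Optional[str]:
    """Return the target category a path falls into, or None if uninteresting."""
    for name, rx in TARGET_RE.items():
        if rx.search(path):
            return name
    return None


def score_processes(events: List[FileEvent], threshold: int = 3,
                    window: int = 60) -> Dict[int, Set[str]]:
    """Return pid -> categories for processes that read at least `threshold`
    distinct target categories within some `window`-second span."""
    per_pid: Dict[int, List[FileEvent]] = defaultdict(list)
    for ev in events:
        if classify(ev.path) is not None:
            per_pid[ev.pid].append(ev)

    flagged: Dict[int, Set[str]] = {}
    for pid, evs in per_pid.items():
        evs.sort(key=lambda e: e.ts)
        for i, start in enumerate(evs):          # sliding window over time
            seen: Set[str] = set()
            for ev in evs[i:]:
                if ev.ts - start.ts > window:
                    break
                seen.add(classify(ev.path))       # never None: filtered above
            if len(seen) >= threshold:
                flagged[pid] = seen
                break
    return flagged


# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS: List[FileEvent] = [
    # Suspicious: one unknown process sweeps browsers and wallets in 10 seconds
    FileEvent(1700000000, 4242, "updater.exe", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileEvent(1700000002, 4242, "updater.exe", r"C:\Users\bob\AppData\Roaming\Opera Software\Opera Stable\Login Data"),
    FileEvent(1700000003, 4242, "updater.exe", r"C:\Users\bob\AppData\Roaming\Bitcoin\wallet.dat"),
    FileEvent(1700000005, 4242, "updater.exe", r"C:\Users\bob\AppData\Roaming\Armory\armory_settings.txt"),
    FileEvent(1700000010, 4242, "updater.exe", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abcdef\000003.log"),
    # Benign: the browser reading its own credential store
    FileEvent(1700000001, 1337, "chrome.exe", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    # Benign: the wallet application opening its own wallet
    FileEvent(1700000004, 2001, "bitcoin-qt.exe", r"C:\Users\bob\AppData\Roaming\Bitcoin\wallet.dat"),
    # Benign: a backup job reaching three wallets, but an hour apart each
    FileEvent(1700000000, 3003, "backup.exe", r"C:\Users\bob\AppData\Roaming\Zcash\wallet.dat"),
    FileEvent(1700003600, 3003, "backup.exe", r"C:\Users\bob\AppData\Roaming\Armory\armory_settings.txt"),
    FileEvent(1700007200, 3003, "backup.exe", r"C:\Users\bob\AppData\Roaming\Bitcoin\wallet.dat"),
]


def run_demo() -> Dict[int, Set[str]]:
    """Score the sample events with default settings."""
    return score_processes(SAMPLE_EVENTS)


if __name__ == "__main__":
    for pid, cats in run_demo().items():
        print(f"pid {pid}: read {len(cats)} target categories: {sorted(cats)}")
```

Tune `threshold` and `window` to the environment: the window keeps legitimate backup or sync jobs that touch wallets over hours from firing, and a threshold of three distinct categories tolerates a browser or wallet reading its own store. Because the rule keys on the access pattern rather than a hash or image name, it survives re-crypting of the binary, which is exactly what the paid ExoCrypt build was sold to achieve.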