A new infostealer dubbed ZingoStealer operated by the Haskers threat group is a new stealer malware with a powerful data-stealing capability and a feature that loads additional payloads. The new malware could also mine the Monero cryptocurrency.
The Haskers threat group attempted to offer the new malware to other threat actors under two options based on reports.
The first option is that purchasers may acquire the malware through a pre-built option that includes crypter obfuscation for competent AV detection bypass. The other option is that the entire source code of the infostealer is being offered by Haskers for a hefty price of $500.
If a buyer has chosen either of the options, they can claim it in a group located on a Telegram channel. Both versions are precompiled by their developers and ready to use after acquisition.
However, a recent version was released without any fee for the members of the group’s channel. Therefore, there was an increase in the sample malware circulating across cyberspace.
But after a security researcher hunted down the infostealer, its developers have cleverly transferred it to a separate threat group that is now constantly upgrading the malware for more efficient usage.
Russian threat actors may have actively used the ZingoStealer.
Last month, researchers discovered that Russian-speaking channels are advertising the ZingoStealer as a competent infostealer in the form of a [.]NET executable. The researchers then indicated that the malware could operate a geolocation check to stray away from CIS countries since Russian actors utilise it.
In multiple cases, the infostealer had spread additional malware such as ZingoMiner and RedLine Stealer for crypto mining purposes.
ZingoStealer has compromised systems via software cracks and video game cheats distributed on the streaming site YouTube.
In addition, the malware targets numerous wallets and apps such as Opera, Zcash, Bitcoin, Chrome, TronLink, and BitApp. It also tries to steal multiple computer data such as IP addresses, operating system versions, and computer names.
ZingoStealer is available and endorsed by its developers without limitations, making it a hostile threat. Furthermore, the competitiveness of threat actors in the cybercrime landscape is encouraging other groups to develop more sophisticated malware. Therefore, users should always protect sensitive data with encryption and use anti-malware solutions.
