The Haskers Gang Distributes ZingoStealer Malware for Free



Criminal groups can now use Haskers Gang's ZingoStealer information-stealing malware for their own malicious purposes after it was made available for free online by the crimeware-related threat actor.


This malware has the ability to steal sensitive information as well as download additional malware to infected systems, according to a report from Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer, who shared their findings with Cybernari.


"RedLine Stealer and a cryptocurrency mining malware based on XMRig known internally as 'ZingoMiner' are two examples of this."


But on Thursday, the criminal group announced that the ZingoStealer project had been transferred to a new threat actor, and offered to sell the source code for $500.


ZingoStealer is said to be constantly evolving and is deployed against Russian-speaking victims, packaged as game cheats and pirated software. The Haskers Gang has been active since at least January 2020.


Additionally, the malware uses Telegram as both an exfiltration channel and a platform to distribute updates.


A custom crypter called ExoCrypt can be purchased for about $3 by customers who want to protect their malware from antivirus scanners without the need for a third-party crypter solution.


According to the researchers, this was an attempt to make money by using compromised systems to mine Monero for the author of the malware.


For the malicious campaigns, threat actors use YouTube videos to promote the malware's features and description, along with a link to an archive file on Google Drive or Mega that contains the ZingoStealer payload.




But Cisco Talos pointed out that the executables are also hosted on the Discord CDN, raising the possibility that the information stealer is disseminated within gaming-related Discord servers.
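As an added illustration (not from Cisco Talos or the original article), the following Python hunts endpoint network events for the two channels named above: executable or archive downloads from the Discord CDN, and Telegram traffic from a process that is not expected to use it. The hostnames, the process allow-list and the log format are assumptions, and the sample events are constructed.

```python
import csv
import io
from urllib.parse import urlsplit

# Assumed endpoints: the article names the services, not specific hostnames.
DISCORD_CDN = {"cdn.discordapp.com", "media.discordapp.net"}
TELEGRAM_API = {"api.telegram.org"}
RISKY_EXT = (".exe", ".scr", ".zip", ".rar", ".7z")
# Hypothetical allow-list of processes expected to reach Telegram.
TELEGRAM_ALLOWED = {"telegram.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
DOWNLOAD = "discord-cdn-download"
TELEGRAM = "telegram-api-unexpected-process"

# Constructed sample events (time, host, process, url); not real telemetry.
SAMPLE_LOG = """\
2022-04-14T10:01:02Z,ws-17,chrome.exe,https://cdn.discordapp.com/attachments/1/2/cheat_loader.exe?ex=abc
2022-04-14T10:03:40Z,ws-17,cheat_loader.exe,https://api.telegram.org/botPLACEHOLDER/sendDocument
2022-04-14T10:05:11Z,ws-22,discord.exe,https://cdn.discordapp.com/attachments/3/4/screenshot.png
2022-04-14T10:06:30Z,ws-22,chrome.exe,https://api.telegram.org/botPLACEHOLDER/getMe
2022-04-14T10:09:00Z,ws-31,updater.exe,https://api.telegram.org/botPLACEHOLDER/sendMessage
"""

def classify(process, url):
    """Return a finding label for one network event, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Match on the path only, so a query string does not hide the extension.
    if host in DISCORD_CDN and parts.path.lower().endswith(RISKY_EXT):
        return DOWNLOAD
    if host in TELEGRAM_API and process.lower() not in TELEGRAM_ALLOWED:
        return TELEGRAM
    return None

def hunt(log_text):
    """Return {host: (severity, findings)} for events given in time order."""
    report = {}
    for ts, host, process, url in csv.reader(io.StringIO(log_text)):
        label = classify(process, url)
        if not label:
            continue
        severity, items = report.get(host, ("medium", []))
        # A download followed by unexpected Telegram traffic on the same
        # host matches both the delivery and the exfiltration channel.
        if label == TELEGRAM and any(l == DOWNLOAD for _, l, _ in items):
            severity = "high"
        report[host] = (severity, items + [(ts, label, process)])
    return report

if __name__ == "__main__":
    for host, (severity, items) in hunt(SAMPLE_LOG).items():
        print(host, severity, items)
```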


ZingoStealer is a .NET binary that can steal information from web browsers such as Google Chrome, Mozilla Firefox, Opera, and Opera GX, as well as from cryptocurrency wallets.


In addition, the malware has the ability to deploy additional malware, such as RedLine Stealer, which is a more feature-rich information stealer that steals data from a variety of applications, browsers, and cryptocurrency wallet extensions. This could explain why the malware's authors are giving ZingoStealer away for free.



According to the researchers, users should be aware of the dangers posed by these types of applications and ensure that they are only executing applications distributed via legitimate mechanisms.
