A new information-stealing malware, called ZingoStealer, has been identified. It possesses powerful data-stealing features and the ability to load additional payloads. Further, the info-stealer can mine Monero cryptocurrency.

What is ZingoStealer?

  • ZingoStealer was developed by the Haskers Gang, who had recently tried to sell the malware under two options.
  • For a price of 300 Rubles ($3.64), users may buy a pre-built option that offers crypter obfuscation (via ExoCrypt) for better avoidance of AV detection.
  • In addition, the entire source code was offered for a price of $500. Both these versions were precompiled and delivered via the group’s Telegram channels.
  • A recent version was released for free for the members of the group’s Telegram channel, after which an increase was observed in the sample volumes in the wild.

Soon after researchers from Cisco Talos discovered the offering, ZingoStealer changed hands and was transferred to another threat actor who is now believed to be undertaking further development efforts.

Modus operandi

ZingoStealer was first discovered in the cybercrime community in March, advertised in Russian-speaking channels as a powerful, ready-to-use info-stealer delivered in the form of a DotNET executable.
  • It performs a geolocation check to avoid CIS countries, as it is used by Russian-speaking actors, and requests a list of URLs for the retrieval and execution of additional payloads.
  • In several instances, the malware delivered additional malware such as RedLine Stealer and ZingoMiner (XMRig) for mining cryptocurrency.
  • Until now, ZingoStealer has been infecting systems through software cracks and video game cheats advertised on YouTube, although the delivery method can vary from one user of the malware to another.

Targeted apps

ZingoStealer targets multiple apps/wallets such as Chrome, Opera, TronLink, Zcash, Bitcoin, Armory, BitApp, and Nifty Wallet. Further, it attempts to steal various computer information such as IP, computer name, and OS version, among others.

Conclusion

ZingoStealer is freely available and is being offered without limitations, making it a dangerous threat. Further, the growing competition in the cybercrime landscape is inspiring the development of more sophisticated and feature-rich malware. Thus, always protect sensitive information with encryption and use reliable anti-malware defenses.

Cyware Publisher