Zhong Stealer Analysis: New Malware Targeting Fintech and Cryptocurrency

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A new malware family called Zhong Stealer has been identified targeting the cryptocurrency and fintech sectors through a phishing campaign. The attackers abused chat support platforms, posing as customers to trick support agents into downloading the malware. Zhong Stealer's execution flow involves multiple stages: initial contact, downloader execution, persistence establishment, reconnaissance, credential theft, and data exfiltration. The malware uses tactics such as disabling event logging, modifying registry keys, harvesting credentials, scheduling tasks, and communicating over non-standard ports. It exfiltrates stolen data to a command-and-control server located in Hong Kong. Organizations are advised to train support teams, restrict file execution, monitor network traffic, and use real-time analysis tools to protect against this threat.

OPENCTI LABELS:

phishing,data exfiltration,credential theft,cryptocurrency,persistence,fintech,zhong stealer
