Zhong Stealer Analysis: New Malware Targeting Fintech and Cryptocurrency
Essential information
- Published: 18/02/2025 22:51
- Modified: 19/02/2025 08:56
- Tags: 2025-02-18, credential-theft, cryptocurrency, data exfiltration, fintech, persistence, phishing, zhong stealer
- Related entities: 5 observables, 5 techniques (MITRE), 1 malware, 3 others
Description
A new malware family called Zhong Stealer has been identified targeting the cryptocurrency and fintech sectors through a phishing campaign. The attackers abused customer chat-support platforms, posing as customers to trick support agents into downloading and running the malware. Zhong Stealer's execution flow involves multiple stages: initial contact, downloader execution, persistence establishment, reconnaissance, credential theft, and data exfiltration. Along the way it disables event logging, modifies registry keys, harvests credentials, creates scheduled tasks, and communicates over non-standard ports. Stolen data is exfiltrated to a command-and-control server hosted in Hong Kong. Organizations are advised to train support teams on this lure, restrict execution of files received through support channels, monitor network traffic for unexpected egress, and use real-time analysis tools to protect against this threat.
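The tactics listed above (event logging disabled, registry modification, scheduled-task persistence, egress on non-standard ports) map directly onto detections a SOC can run over endpoint telemetry. The following triage script is an added example written for this page, not code from the report or from any of its related entities. It assumes Windows Security and Sysmon event IDs (1102, 104, 4698; Sysmon 3 and 13), an expected-port allow-list and the Run/RunOnce registry markers as detection heuristics; the sample events are constructed and contain no real indicators from the campaign.

```python
"""Triage constructed Windows/Sysmon-style events for the tactics the
Zhong Stealer summary lists: event logging tampered, registry persistence,
scheduled-task persistence and egress on non-standard ports.

All SAMPLE_EVENTS below are constructed for this example (no real IoCs)."""

# Ports a workstation process is expected to use; anything else is flagged.
# This allow-list is an assumption for the example, not taken from the report.
EXPECTED_PORTS = {53, 80, 443, 123}

# Registry paths commonly used for user-level persistence (assumed heuristic).
RUN_KEY_MARKERS = (r"\CurrentVersion\Run", r"\CurrentVersion\RunOnce")


def classify_event(ev):
    """Return the list of tactic labels that a single event matches."""
    tags = []
    src, eid = ev.get("source"), ev.get("event_id")

    # Security 1102 = audit log cleared; System 104 = event log cleared.
    if (src == "Security" and eid == 1102) or (src == "System" and eid == 104):
        tags.append("event-logging-tampered")

    # Security 4698 = scheduled task created.
    if src == "Security" and eid == 4698:
        tags.append("scheduled-task-persistence")

    # Sysmon 13 = registry value set; flag writes under Run/RunOnce keys.
    if src == "Sysmon" and eid == 13:
        target = ev.get("target_object", "").lower()
        if any(marker.lower() in target for marker in RUN_KEY_MARKERS):
            tags.append("registry-run-key-persistence")

    # Sysmon 3 = network connection; flag outbound connections to unexpected ports.
    if src == "Sysmon" and eid == 3 and ev.get("initiated", False):
        if ev.get("dest_port") not in EXPECTED_PORTS:
            tags.append("non-standard-port-egress")

    return tags


def triage(events):
    """Group matching events by tactic label: {label: [event, ...]}."""
    findings = {}
    for ev in events:
        for tag in classify_event(ev):
            findings.setdefault(tag, []).append(ev)
    return findings


def risk_score(findings):
    """One point per distinct tactic observed on the host. Three or more means
    most of the chain described in the report (anti-logging, persistence,
    unusual egress) is present and the host should be isolated for IR."""
    return len(findings)


# Constructed sample telemetry from one host (documentation IP range, fake names).
SAMPLE_EVENTS = [
    {"source": "Sysmon", "event_id": 1, "image": r"C:\Users\agent\Downloads\ticket_evidence.exe"},
    {"source": "Security", "event_id": 1102, "subject": "agent"},
    {"source": "Sysmon", "event_id": 13, "image": r"C:\Users\agent\Downloads\ticket_evidence.exe",
     "target_object": r"HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"source": "Security", "event_id": 4698, "task_name": r"\ExampleUpdater"},
    {"source": "Sysmon", "event_id": 3, "initiated": True, "dest_ip": "203.0.113.10", "dest_port": 1201},
    {"source": "Sysmon", "event_id": 3, "initiated": True, "dest_ip": "203.0.113.20", "dest_port": 443},
    {"source": "Sysmon", "event_id": 13, "target_object": r"HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable"},
]

if __name__ == "__main__":
    findings = triage(SAMPLE_EVENTS)
    for tag, evs in findings.items():
        print(f"{tag}: {len(evs)} event(s)")
    print("risk score:", risk_score(findings))
```

The process-creation event and the HTTPS connection are deliberately left unflagged so the output shows the signal, not the noise; in production the port allow-list and registry markers would be tuned per environment and the tags fed to a case-management system rather than printed.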