
Zhong Stealer Analysis: New Malware Targeting Fintech and Cryptocurrency

· Published 18/02/2025 22:51 · Modified 19/02/2025 08:56


Essential information

Tags
2025-02-18, credential-theft, cryptocurrency, data exfiltration, fintech, persistence, phishing, zhong stealer
Related entities
5 observables, 5 techniques (mitre), 1 malware, 3 others

Description

A new malware called Zhong Stealer has been identified targeting the fintech and cryptocurrency sectors through a phishing campaign. The attackers exploited chat support platforms, posing as customers to trick support agents into downloading the malware. Zhong Stealer's execution flow involves multiple stages: initial contact, downloader execution, persistence establishment, reconnaissance, credential theft, and data exfiltration. The malware uses tactics such as disabling event logging, modifying registry keys, harvesting credentials, scheduling tasks, and communicating over non-standard ports. It exfiltrates stolen data to a command-and-control server in Hong Kong. Organizations are advised to train support teams, restrict file execution, monitor network traffic, and use real-time analysis tools to protect against this threat.
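The tactics listed in the description (event-log tampering, registry-based persistence, scheduled tasks, outbound traffic on non-standard ports) are the ones a detection engineer would want to triage across endpoint telemetry. The following is an added example, not code from this report or from the analysis it summarizes: it runs a small set of behavioural rules over constructed, Sysmon-shaped log records. The event records, file paths, port number and the rules themselves are illustrative assumptions about how such behaviour appears in logs, not Zhong Stealer indicators from the report.

```python
"""Behavioural triage over constructed endpoint telemetry (added example).

Flags the tactic classes the report summary describes. Every record below
is constructed for the example; the rules are generic heuristics, not
indicators taken from the Zhong Stealer report.
"""
import re

# Constructed telemetry, loosely Sysmon-shaped. Paths, hosts and ports are
# invented (203.0.113.0/24 is documentation space).
EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\wevtutil.exe",
     "cmdline": "wevtutil.exe cl Security"},
    {"type": "process", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /sc minute /mo 5 /tn "Updater" /tr "C:\Users\agent\AppData\Local\Temp\svc.exe"'},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "value": r"C:\Users\agent\AppData\Local\Temp\svc.exe"},
    {"type": "network", "image": r"C:\Users\agent\AppData\Local\Temp\svc.exe",
     "dst_ip": "203.0.113.10", "dst_port": 1201},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "203.0.113.20", "dst_port": 443},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
]

# Ports we treat as "standard" for this heuristic (assumption for the example).
COMMON_PORTS = {22, 25, 53, 80, 123, 443, 587, 993, 995}

# Process images living in user-writable locations are weighted higher
# when combined with unusual network behaviour.
USER_WRITABLE = re.compile(r"\\appdata\\|\\temp\\", re.IGNORECASE)

# Patterns for the two process-level behaviours the summary names.
EVENTLOG_TAMPER = re.compile(r"wevtutil(\.exe)?\s+cl\b|\b(sc|net)(\.exe)?\s+stop\s+eventlog\b",
                             re.IGNORECASE)
SCHTASK_CREATE = re.compile(r"schtasks(\.exe)?\s+/create\b", re.IGNORECASE)


def triage(events):
    """Return a list of (tactic, detail) alerts for the given records."""
    alerts = []
    for ev in events:
        if ev["type"] == "process":
            cmd = ev["cmdline"]
            if EVENTLOG_TAMPER.search(cmd):
                alerts.append(("defense-evasion", "event log cleared or stopped: " + cmd))
            elif SCHTASK_CREATE.search(cmd):
                alerts.append(("persistence", "scheduled task created: " + cmd))
        elif ev["type"] == "registry":
            # Autostart entry under a Run key: classic persistence.
            if "\\currentversion\\run\\" in ev["key"].lower():
                alerts.append(("persistence", "Run key written: " + ev["key"]))
        elif ev["type"] == "network":
            # Outbound traffic on a non-standard port from a binary in a
            # user-writable directory is the combination the summary describes.
            if ev["dst_port"] not in COMMON_PORTS and USER_WRITABLE.search(ev["image"]):
                alerts.append(("exfiltration",
                               f"{ev['image']} -> {ev['dst_ip']}:{ev['dst_port']}"))
    return alerts


def summarize(alerts):
    """Count alerts per tactic so an analyst sees the chain at a glance."""
    counts = {}
    for tactic, _ in alerts:
        counts[tactic] = counts.get(tactic, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(EVENTS)
    for tactic, detail in found:
        print(f"[{tactic}] {detail}")
    print(summarize(found))
```

The value of the rule set is in the combination: any one of these signals occurs in benign administration, but log clearing, a new autostart, a new scheduled task and a user-writable binary talking on an odd port appearing together on one host matches the staged flow the summary describes and is worth an analyst's attention.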

External references