Meet ZingoStealer: the Haskers Gang's new, free malware

LASER_oneXM

Level 37
Thread author
Verified
Top poster
Well-known
Feb 4, 2016
2,520
ZingoStealer is able to spread cryptocurrency mining malware.

A new type of information stealer has been added to the Haskers Gang malware portfolio.
On Thursday, researchers from Cisco Talos said that the malware, dubbed ZingoStealer, is being offered for free to Haskers Gang Telegram group members.

Active since at least 2020, the Haskers Gang group isn't your typical, small collective of cybercriminals. Instead, the 'community' comprises of a few founders -- likely based in Eastern Europe -- and thousands of casual members.

Haskers Gang communicates via Telegram and Discord to share 'community' updates, tools, and its latest activities. The Telegram group has just under four thousand subscribers who share tips on cracks, crypters, bypassing security measures and hacking software. Telegram is also abused to manage the malicious executables and exfiltrated data packages.

According to the researchers, the attackers target gamers through cheat codes, pirated software and tend to focus on Russian-speaking victims.

The new ZingoStealer information stealer can harvest account credentials, Chrome and Firefox browser data, and Discord tokens, among other datasets. In addition, the malware will try to tap into any cryptocurrency wallet credentials held by browser extensions from services including BitApp, Coinbase, Binance, and Brave.

ZingoStealer may also be used in conjunction with other malware strains, including RedLine Stealer.