Zhong Stealer Analysis: New Malware Targeting Fintech and Cryptocurrency

Feb. 19, 2025, 8:56 a.m.

Description

A new malware called Zhong Stealer has been identified targeting the cryptocurrency and fintech sectors through a phishing campaign. The attackers exploited chat support platforms, posing as customers to trick agents into downloading the malware. Zhong Stealer's execution flow involves multiple stages, including initial contact, downloader execution, persistence establishment, reconnaissance, credential theft, and data exfiltration. The malware uses various tactics such as disabling event logging, modifying registry keys, harvesting credentials, scheduling tasks, and communicating via non-standard ports. It exfiltrates stolen data to a command-and-control server in Hong Kong. Organizations are advised to train support teams, restrict file execution, monitor network traffic, and use real-time analysis tools to protect against this threat.
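The advice above to monitor network traffic and restrict execution is only actionable if the indicators below are actually checked against telemetry. The following is an added example, not code from the original report: it matches endpoint and proxy log lines against the four SHA-256 hashes and the IP listed in the Indicators section. The log format, hostnames, paths and port numbers in the sample lines are constructed for illustration and are not from the report.

```python
# Added example: sweep constructed EDR/proxy log lines for the indicators
# published in this report. Only the hash and IP values come from the page;
# the log lines, host names, paths and port are constructed samples.
import re
from collections import Counter
from typing import Iterable

# Indicators taken verbatim from the report's Indicators section.
INDICATOR_HASHES = {
    "e46779869c6797b294cb097f47027a5c52466fd11112b6ccd52c569578d4b8cd",
    "4eaebd93e23be3427d4c1349d64bef4b5fc455c93aebb9b5b752981e9266488e",
    "1abffe97aafe9916b366da57458a78338598cab9742c2d9e03e4ad0ba11f29bf",
    "02244934046333f45bc22abe6185e6ddda033342836062afb681a583aa7d827f",
}
INDICATOR_IPS = {"156.245.23.188"}

# Key=value style log lines; both the hash and destination-IP fields are
# matched case-insensitively so upper-case hashes from some tools still hit.
HASH_RE = re.compile(r"\bsha256=([0-9A-Fa-f]{64})\b")
IP_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample telemetry (not from the report). Line 2 carries a known
# hash in upper case, line 3 a connection to the listed C2 address, the rest
# are benign noise that must not match.
SAMPLE_LOGS = [
    "2025-02-18T22:50:11Z host=support-ws01 event=file_create "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000 "
    "path=C:\\Users\\agent\\Downloads\\readme.txt",
    "2025-02-18T22:51:03Z host=support-ws01 event=file_create "
    "sha256=E46779869C6797B294CB097F47027A5C52466FD11112B6CCD52C569578D4B8CD "
    "path=C:\\Users\\agent\\Downloads\\screenshot.exe",
    "2025-02-18T22:52:10Z host=support-ws01 event=net_connect "
    "dst=156.245.23.188 dport=8080 proto=tcp",
    "2025-02-18T22:53:44Z host=support-ws02 event=net_connect "
    "dst=10.0.0.5 dport=443 proto=tcp",
]


def scan_logs(lines: Iterable[str]) -> list[dict]:
    """Return one hit record per indicator occurrence found in the lines."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for m in HASH_RE.finditer(line):
            digest = m.group(1).lower()
            if digest in INDICATOR_HASHES:
                hits.append({"line": lineno, "type": "sha256", "value": digest})
        for m in IP_RE.finditer(line):
            if m.group(1) in INDICATOR_IPS:
                hits.append({"line": lineno, "type": "ip", "value": m.group(1)})
    return hits


def summarize(hits: list[dict]) -> dict:
    """Count hits per indicator type, e.g. {'sha256': 1, 'ip': 1}."""
    return dict(Counter(h["type"] for h in hits))


if __name__ == "__main__":
    found = scan_logs(SAMPLE_LOGS)
    for h in found:
        print(f"line {h['line']}: {h['type']} indicator {h['value']}")
    print(summarize(found))
```

In a real deployment the indicator sets would be loaded from the feed rather than hard-coded, and a file-hash hit on a support agent's workstation should be treated together with the chat-support lure described above, since the hash alone says nothing about how the file arrived.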

Date

  • Created: Feb. 18, 2025, 10:51 p.m.
  • Published: Feb. 18, 2025, 10:51 p.m.
  • Modified: Feb. 19, 2025, 8:56 a.m.

Indicators

  • e46779869c6797b294cb097f47027a5c52466fd11112b6ccd52c569578d4b8cd
  • 4eaebd93e23be3427d4c1349d64bef4b5fc455c93aebb9b5b752981e9266488e
  • 1abffe97aafe9916b366da57458a78338598cab9742c2d9e03e4ad0ba11f29bf
  • 02244934046333f45bc22abe6185e6ddda033342836062afb681a583aa7d827f
  • 156.245.23.188

Attack Patterns

  • Zhong Stealer

Additional Information

  • Technology
  • Finance
  • Hong Kong