Hacker Outfit Haskers Group Releases ZingoStealer

The cybercriminal outfit known by the alias Haskers Group released a brand new piece of malware. The new multi-purpose tool released by Haskers is called ZingoStealer.

At the moment, ZingoStealer is offered for free to all members of the Haskers Telegram group, but that might change if additional functionality is added to the malware.

Freeware infostealer offered through Telegram

Unlike more traditional hacker outfits, Haskers is a more decentralized group with a larger following. Even though the group has a few founding core members, the whole body of Haskers is comprised of hundreds, probably even thousands of members active members, given the number of accounts subscribed to the Telegram group. Of course, not all of them are actively engaged in full-time cybercrime operations, with many of them being more casually involved.

When examining the group's latest work, Cisco Talos also noted that the group frequently targets the gamer demographic, with a slant towards Russian speakers. The bait used by Haskers is not unusual, given the targeted group - pirated executables, cracks for games and software, as well as fake cheats for games are used to distribute malware.

When it comes to the new freeware malware tool named ZingoStealer, it has a very respectable set of features already. The malware can exfiltrate credentials, and scrape browser information as well as Discord tokens. ZingoStealer is also able to dip its fingers into crypto wallet access credentials that are stored in browser extensions.

ZingoStealer can also install cryptojacking payload

In keeping with the theme of illegally obtaining crypto, the malware can also download and deploy an additional crypto miner payload on infected systems. ZingoStealer uses a custom build of the XMRig cryptojacking malware that uses the victim's hardware resources to mine Monero for the malware operator's benefit.

The development of ZingoStealer seems to be ongoing, because the malware has already received several updates from its initial foray into the wild in March 2022. The malware is also offered as a subscription, at the modest price of just three dollars or around 300 Russian rubles, offering an additional crypter module.

The research team as Cisco observed a ramping up in the different samples of ZingoStealer being used in the wild and researchers expect this trend of growth to continue.