ZingoStealer

ZingoStealer is a new, threatening addition to the tools of the hacker group known as the Haskers Gang. A report on the threat was released by the researchers, and according to their findings, ZingoStealer is equipped with an expansive set of intrusive features. The threat is under rapid development and in just a month after its unveiling, several different versions have been identified. Apart from the free version available to Haskers Gang's members, there also is a subscription tier priced at 300 rubles ($3). The paid variant comes equipped with a cryptor named ExoCrypt.

The malware is capable of harvesting account credentials, browser data from Chrome and Firefox, Discord tokens and more sensitive data. ZingoStealer also is designed to compromise browser extensions belonging to popular cryptocurrency services, such as BitApp, Coinbase, Binance, and Brave and extract users' crypto-wallet credentials.

Depending on the particular goals of the threat actors, ZingoStealer can operate in tandem with other malware strains, such as the RedLine Stealer. The cybercriminal also can utilize ZingoStealer to drop a custom version of the XMRig crypto miner on the breached devices. Dubbed ZingoMiner, the threat will hijack the hardware resources of the system and use them to generate Monero coins.

The Haskers Gang doesn't operate like a typical cybercrime organization. It can be compared to a community consisting of a couple of founders, believed to be located in Eastern Europe, and thousands of more casual members. Communication is facilitated mainly through the Telegram and Discord applications, where the group shares updates, tools, and news about its latest activities. The main distribution channels abused by the gang include cheat applications for video games and cracked software, while their primary targets appear to be Russian-speaking users.