
ANY.RUN Shares Research on Zhong Stealer: The New Malware Targeting Fintech and Cryptocurrency

DUBAI, DUBAI, UNITED ARAB EMIRATES, February 18, 2025 /EINPresswire.com/ -- ANY.RUN, the leading provider of interactive malware analysis and threat intelligence solutions, has revealed a new stealer malware exploiting customer support chat systems to infiltrate the fintech and cryptocurrency industries. Zhong Stealer deceives help desk agents by posing as frustrated customers and delivering weaponized attachments designed to steal credentials and exfiltrate sensitive data.

๐™๐ก๐จ๐ง๐  ๐’๐ญ๐ž๐š๐ฅ๐ž๐ซโ€™๐ฌ ๐€๐ญ๐ญ๐š๐œ๐ค ๐’๐ญ๐ซ๐š๐ญ๐ž๐ ๐ฒ: ๐„๐ฑ๐ฉ๐ฅ๐จ๐ข๐ญ๐ข๐ง๐  ๐’๐ฎ๐ฉ๐ฉ๐จ๐ซ๐ญ ๐๐ฅ๐š๐ญ๐Ÿ๐จ๐ซ๐ฆ๐ฌ ๐ญ๐จ ๐ˆ๐ง๐Ÿ๐ข๐ฅ๐ญ๐ซ๐š๐ญ๐ž ๐Ž๐ซ๐ ๐š๐ง๐ข๐ณ๐š๐ญ๐ข๐จ๐ง๐ฌ

The campaign, active from December 20-24, 2024, leveraged Zendesk and other support platforms, where attackers created fake tickets and pressured agents into opening malicious ZIP files. ANY.RUN's real-time malware analysis sandbox exposed Zhong's behavior, revealing its stealthy execution chain, data exfiltration tactics, and C2 infrastructure.

๐€๐๐˜.๐‘๐”๐โ€™๐ฌ ๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐‘๐ž๐ฏ๐ž๐š๐ฅ๐ฌ ๐™๐ก๐จ๐ง๐ โ€™๐ฌ ๐“๐š๐œ๐ญ๐ข๐œ๐ฌ

By running Zhong Stealer inside ANY.RUN's interactive sandbox, researchers observed:

· Social engineering as the attack vector - Fake support requests, written in broken Chinese, pressured help desk agents into opening infected attachments.

· Advanced persistence techniques - The malware modified Windows registry keys and leveraged scheduled tasks to maintain long-term access.

· Credential harvesting - Zhong targeted Brave, Edge, and Internet Explorer browsers, stealing saved passwords and user session data.

· Hong Kong-based C2 communication - Stolen credentials were exfiltrated over port 1131 to a command-and-control server hosted on Alibaba Cloud.

For a more detailed analysis of Zhong Stealer, including technical breakdowns and IOCs, visit the ANY.RUN blog.
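As an added illustration (not code from ANY.RUN's report), the following Python correlates endpoint telemetry for the behaviours listed above: scheduled-task and Run-key persistence, reads of browser password stores, and outbound connections on port 1131. The event format, sample lines, file paths and rule names are constructed assumptions for the example.

```python
"""Added example: correlate constructed endpoint telemetry for the
Zhong Stealer behaviours described in the release (not ANY.RUN's code)."""
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample telemetry, one tab-separated event per line:
# host, event type, detail.  Addresses are documentation ranges, not real IoCs.
SAMPLE_EVENTS = """\
HOST1\tprocess\tC:\\Windows\\System32\\schtasks.exe /create /sc minute /tn Updater /tr C:\\Users\\a\\AppData\\Roaming\\svc.exe
HOST1\tregistry\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc = C:\\Users\\a\\AppData\\Roaming\\svc.exe
HOST1\tfile\tread C:\\Users\\a\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data
HOST1\tnetwork\tconnect tcp 203.0.113.10:1131
HOST2\tnetwork\tconnect tcp 198.51.100.7:443
HOST2\tprocess\tC:\\Windows\\System32\\notepad.exe
"""

# Each rule: (technique label, event type it applies to, regex over the detail field).
RULES = [
    ("scheduled_task_persistence", "process",
     re.compile(r"schtasks(\.exe)?\s+/create", re.I)),
    ("run_key_persistence", "registry",
     re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("browser_credential_access", "file",
     re.compile(r"\\(BraveSoftware|Microsoft\\Edge)\\.*\\Login Data$", re.I)),
    ("c2_port_1131", "network",
     re.compile(r"connect tcp \S+:1131$", re.I)),
]

def parse_events(text: str) -> Iterable[Tuple[str, str, str]]:
    """Yield (host, event_type, detail) tuples from the tab-separated log."""
    for line in text.splitlines():
        if line.strip():
            host, etype, detail = line.split("\t", 2)
            yield host, etype, detail

def match_techniques(text: str) -> Dict[str, List[str]]:
    """Return, per host, the sorted technique labels observed in its events."""
    hits: Dict[str, set] = {}
    for host, etype, detail in parse_events(text):
        for label, rule_type, pattern in RULES:
            if etype == rule_type and pattern.search(detail):
                hits.setdefault(host, set()).add(label)
    return {h: sorted(s) for h, s in hits.items()}

def suspicious_hosts(text: str, min_hits: int = 2) -> List[str]:
    """Hosts where at least min_hits distinct Zhong-style behaviours co-occur."""
    return sorted(h for h, labels in match_techniques(text).items()
                  if len(labels) >= min_hits)
```

Requiring several behaviours to co-occur on one host keeps a single scheduled task or a lone connection on port 1131 from paging an analyst on its own.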

๐€๐›๐จ๐ฎ๐ญ ๐€๐๐˜.๐‘๐”๐

ANY.RUN is a provider of interactive malware analysis and threat intelligence solutions, allowing cybersecurity professionals to analyze threats in real time, detect malicious activity, and respond proactively. With its cloud-based sandboxing environment, TI Lookup, and Safebrowsing, ANY.RUN delivers deep visibility into malware behavior, threat intelligence, and web-based risks. These tools help organizations track emerging threats, extract indicators of compromise (IOCs), investigate suspicious files and URLs, and enhance their security posture.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
