Voided.to

[VIP] Zhong Stealer Malware Exploits Zendesk to Attack Companies

#1
A new malware named Zhong Stealer is targeting fintech and cryptocurrency sectors, exploiting platforms like Zendesk through phishing campaigns.

Disguised as fake support tickets with ZIP attachments, it tricks agents into downloading malicious files. Upon execution, the malware connects to a Hong Kong-based C2 server, using a stolen digital certificate to evade detection. It steals credentials from browsers like Brave and Edge, disables security logging, and exfiltrates data via non-standard network ports.

Companies must train support teams, implement zero-trust policies, monitor network traffic, and use advanced malware analysis tools to defend against such threats.