A sophisticated malware campaign leveraging social engineering tactics targeted financial technology and cryptocurrency platforms between December 20–24, 2024. Dubbed Zhong Stealer, this previously undocumented threat employed compromised AnyDesk installations and phishing lures to infiltrate systems, stealing credentials and establishing persistent access.

The attackers exploited customer support channels, particularly Zendesk, submitting fabricated support tickets from newly created accounts. Analysts at Any.run noted that the support agents who extracted the attached archives unknowingly executed the malware, initiating a multi-stage attack chain. The malware components were signed with a stolen certificate issued to Morning Leap & Cazo Electronics Technology and falsely attributed to BitDefender in order to evade detection.

Network analysis revealed exfiltration patterns matching MITRE ATT&CK technique T1571 (Non-Standard Port): stolen data was transmitted to the C2 server over TCP port 1131 using AES-encrypted channels.

The campaign represents a significant escalation in attacks against high-value financial sectors, combining technical sophistication with psychological manipulation. The combination of stolen code-signing certificates, regionalized phishing lures, and cloud-based C2 infrastructure makes Zhong Stealer a persistent threat to financial institutions. Proactive sandbox analysis of support ticket attachments, coupled with strict application allowlisting, remains critical to mitigating risk.
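The T1571 exfiltration pattern described above can be turned into a simple network detection. The following is an added example written for this page, not code from the article or from Any.run; it assumes a Zeek-style tab-separated connection log (the sample lines are constructed) and an assumed allowlist of the outbound ports the monitored hosts normally use.

```python
# Constructed Zeek-style conn.log excerpt (tab-separated). Sample data only, not real traffic.
# Fields: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, orig_bytes
SAMPLE_CONN_LOG = """\
1734700800.1\t10.0.5.23\t51432\t203.0.113.10\t443\ttcp\t1200
1734700805.7\t10.0.5.23\t51440\t203.0.113.45\t1131\ttcp\t48211
1734700810.2\t10.0.5.41\t51501\t198.51.100.7\t80\ttcp\t300
1734700812.9\t10.0.5.23\t51444\t203.0.113.45\t1131\ttcp\t90544
1734700820.0\t10.0.5.77\t51600\t198.51.100.9\t8443\ttcp\t500
"""

# Assumed allowlist: ports this environment expects workstations to reach outbound.
EXPECTED_PORTS = {53, 80, 123, 443, 8443}
# C2 port reported for Zhong Stealer in the article above.
ZHONG_C2_PORT = 1131


def parse_conn_log(text):
    """Parse the tab-separated connection records into dicts, skipping blanks and comments."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto, orig_bytes = line.split("\t")
        rows.append({
            "ts": float(ts), "orig_h": orig_h, "orig_p": int(orig_p),
            "resp_h": resp_h, "resp_p": int(resp_p), "proto": proto,
            "orig_bytes": int(orig_bytes),
        })
    return rows


def detect_non_standard_port(rows, expected_ports=EXPECTED_PORTS):
    """Flag TCP sessions to ports outside the allowlist (T1571), aggregated per
    (source, destination, port) so repeated uploads to one C2 endpoint surface as
    a single alert with the total bytes sent by the client. Sessions to the port
    named in the article are escalated to high severity.
    Returns a sorted list of (src_host, dst_host, port, bytes_sent, severity)."""
    totals = {}
    for r in rows:
        if r["proto"] != "tcp" or r["resp_p"] in expected_ports:
            continue
        key = (r["orig_h"], r["resp_h"], r["resp_p"])
        totals[key] = totals.get(key, 0) + r["orig_bytes"]
    alerts = []
    for (src, dst, port), sent in sorted(totals.items()):
        severity = "high" if port == ZHONG_C2_PORT else "medium"
        alerts.append((src, dst, port, sent, severity))
    return alerts
```

On the constructed sample this yields one high-severity alert for host 10.0.5.23 sending 138755 bytes to port 1131; the byte total is what distinguishes a bulk upload from a stray connection.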
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Feb 2025 11:40:13 +0000