
ANY.RUN Shares Research On Zhong Stealer: The New Malware Targeting Fintech And Cryptocurrency


(MENAFN- EIN Presswire)

DUBAI, DUBAI, UNITED ARAB EMIRATES, February 18, 2025 /EINPresswire/ -- ANY.RUN, the leading provider of interactive malware analysis and threat intelligence solutions, has revealed a new stealer malware that abuses customer support chat systems to infiltrate the fintech and cryptocurrency industries. Zhong Stealer deceives help desk agents by posing as frustrated customers and delivering weaponized attachments designed to steal credentials and exfiltrate sensitive data.

Zhong Stealer's Attack Strategy: Exploiting Support Platforms to Infiltrate Organizations

The campaign, active from December 20-24, 2024, leveraged Zendesk and other support platforms, where attackers created fake tickets and pressured agents into opening malicious ZIP files. ANY.RUN's real-time malware analysis sandbox exposed Zhong's behavior, revealing its stealthy execution chain, data exfiltration tactics, and C2 infrastructure.

ANY.RUN's Analysis Reveals Zhong's Tactics

By running Zhong Stealer inside ANY.RUN's interactive sandbox, researchers observed:

· Social engineering as the attack vector - Fake support requests, written in broken Chinese, pressured help desk agents into opening infected attachments.

· Persistence techniques - The malware modified Windows registry keys and created scheduled tasks to maintain long-term access across reboots.

· Credential harvesting - Zhong targeted Brave, Edge, and Internet Explorer browsers, stealing saved passwords and user session data.

· Hong Kong-based C2 communication - Stolen credentials were exfiltrated over port 1131 to a command-and-control server hosted on Alibaba Cloud.
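The three host-observable behaviours in the list above (registry autostart modification, scheduled task creation, and an outbound connection on port 1131) are enough to build a simple correlation rule. The block below is an added example written for this page, not ANY.RUN's code or detection content. It runs over constructed Sysmon-style events (EventID 1 process create, 3 network connect, 13 registry value set); the Run key path, the task name and the 203.0.113.5 address are placeholders chosen for the example, not IOCs from the report. Only the port number comes from the text, and a host is rated "high" only when at least two distinct behaviours co-occur, since any one of them alone is routine admin activity.

```python
"""Correlation of the Zhong Stealer host behaviours named in the release.

Added example, not ANY.RUN's code. Events mimic Sysmon EventID 1/3/13 but are
constructed here; the Run key path, task name and 203.0.113.5 address are
placeholders, not IOCs from the report. Only port 1131 comes from the text.
"""
import re
from collections import defaultdict

ZHONG_C2_PORT = 1131  # exfiltration port named in the release

# Generic autostart locations (assumption: the release only says "registry keys").
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
# schtasks /create is the usual living-off-the-land way to add a scheduled task.
SCHTASKS_RE = re.compile(r"\bschtasks(?:\.exe)?\b.*?/create\b", re.I)

RULES = {
    "registry_autostart": lambda ev: ev.get("EventID") == 13
        and bool(RUN_KEY_RE.search(ev.get("TargetObject", ""))),
    "scheduled_task_create": lambda ev: ev.get("EventID") == 1
        and bool(SCHTASKS_RE.search(ev.get("CommandLine", ""))),
    "c2_port_1131": lambda ev: ev.get("EventID") == 3
        and ev.get("Initiated") is True
        and ev.get("DestinationPort") == ZHONG_C2_PORT,
}


def match_event(ev):
    """Return the names of every rule the event trips (usually zero or one)."""
    return [name for name, pred in RULES.items() if pred(ev)]


def scan(events):
    """Group hits per host. Two or more distinct rules on one host is 'high'
    confidence (persistence plus an outbound 1131 connection looks like Zhong);
    a single hit is 'low', because Run keys, schtasks and odd ports each occur
    on their own in ordinary admin and installer activity."""
    hits = defaultdict(set)
    for ev in events:
        for rule in match_event(ev):
            hits[ev.get("Computer", "?")].add(rule)
    return {
        host: {"rules": sorted(rules), "confidence": "high" if len(rules) >= 2 else "low"}
        for host, rules in hits.items()
    }


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "HELPDESK-01",
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /create /sc minute /mo 5 /tn "Updater" /tr "C:\Users\agent\AppData\Roaming\svc.exe"'},
    {"EventID": 13, "Computer": "HELPDESK-01",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\agent\AppData\Roaming\svc.exe"},
    {"EventID": 3, "Computer": "HELPDESK-01", "Initiated": True,
     "DestinationIp": "203.0.113.5", "DestinationPort": 1131},
    # Benign activity on another host: an installer setting a Run key, then HTTPS.
    {"EventID": 13, "Computer": "FINANCE-07",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"EventID": 3, "Computer": "FINANCE-07", "Initiated": True,
     "DestinationIp": "203.0.113.9", "DestinationPort": 443},
]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_EVENTS).items():
        print(host, verdict)
```

Run against the embedded sample, HELPDESK-01 trips all three rules and is rated high, while FINANCE-07 trips only the Run key rule and stays low. In a real SIEM the port match should also be restricted to external destinations and, where the C2 address from the blog's IOC list is known, matched on that address rather than on the port alone.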

For a more detailed analysis of Zhong Stealer, including technical breakdowns and IOCs, visit the ANY.RUN blog.

About ANY.RUN

ANY.RUN is a provider of interactive malware analysis and threat intelligence solutions, allowing cybersecurity professionals to analyze threats in real time, detect malicious activity, and respond proactively. With its cloud-based sandboxing environment, TI Lookup, and Safebrowsing, ANY.RUN delivers deep visibility into malware behavior, threat intelligence, and web-based risks. These tools help organizations track emerging threats, extract indicators of compromise (IOCs), investigate suspicious files and URLs, and enhance their security posture.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
