Another new info stealer is in the wild, known as ZingoStealer. It is being released for free to members of the Haskers Gang community.
But the mode of distribution is the same: (1) code generators and cracks, (2) game cheats. They even had a YouTube video as a disguise for the game "Counter-Strike: Global Offensive" (CSGO).
Target browsers:
Google Chrome
Mozilla Firefox
Opera
Opera GX
And what makes this dangerous is that the malware searches for extensions of crypto wallets such as:
TronLink
Nifty Wallet
MetaMask
MathWallet
Coinbase Wallet
Binance Wallet
Brave Wallet
Guarda
EQUAL Wallet
BitApp Wallet
iWallet
Wombat - Gaming Wallet
And it also searches %APPDATA%\Local and %APPDATA%\Roaming for cryptocurrency wallet data associated with the following cryptocurrencies.
Zcash
Armory
Bytecoin
Jaxx Liberty
Exodus
Ethereum
Electrum
Atomic
Guarda
Coinomi
It also queries the registry (HKCU\SOFTWARE\<VALUE>) to identify settings associated with additional cryptocurrency wallets, including:
Bitcoin
Dash
Litecoin
So overall, this malware targets cryptocurrency wallets, so it's a very dangerous information stealer that is in the wild right now.
Again, as I have said before, it's better to have a different machine for your crypto-related activities so that the chances of you getting this kind of malware might be lessened.
For a detailed technical explanation you can read it here:
https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html
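
A detection-side sketch of the AppData sweep described above, as an added example that is not part of the original post or the Talos write-up: it flags any process that touches several different wallets' folders within a short window. The event tuples, the 60-second window, the threshold of three, and matching the post's wallet names against folder names are all assumptions of this example.

```python
import re
from collections import defaultdict

# Wallet names from the post's AppData list. Matching them against folder
# names is an assumption of this example, not a documented list of paths.
WALLET_NAMES = ["zcash", "armory", "bytecoin", "jaxx", "exodus", "ethereum",
                "electrum", "atomic", "guarda", "coinomi"]
APPDATA_RE = re.compile(r"\\appdata\\(local|roaming)\\(.+)", re.IGNORECASE)

def wallet_in_path(path):
    """Return the wallet whose AppData folder the path falls under, or None."""
    m = APPDATA_RE.search(path)
    if not m:
        return None
    for part in m.group(2).lower().split("\\"):
        for name in WALLET_NAMES:
            if name in part:
                return name
    return None

def flag_wallet_sweeps(events, window=60, threshold=3):
    """Flag processes that touch >= threshold distinct wallets within window seconds.
    events: iterable of (epoch_seconds, process_image, target_path)."""
    per_proc = defaultdict(list)
    for ts, image, path in sorted(events):
        wallet = wallet_in_path(path)
        # A wallet application reading its own folder is expected behaviour.
        if wallet and wallet not in image.lower():
            per_proc[image].append((ts, wallet))
    flagged = {}
    for image, hits in per_proc.items():
        for i, (start, _) in enumerate(hits):
            seen = {w for t, w in hits[i:] if t - start <= window}
            if len(seen) >= threshold:
                flagged[image] = sorted(seen)
                break
    return flagged

# Constructed file-access events: (timestamp, process image, file touched).
ROAMING = r"C:\Users\a\AppData\Roaming"
SAMPLE_EVENTS = [
    (100, ROAMING + r"\Electrum\electrum.exe", ROAMING + r"\Electrum\wallets\file1"),
    (200, r"C:\Users\a\Downloads\free_tool.exe", ROAMING + r"\Electrum\wallets\file1"),
    (201, r"C:\Users\a\Downloads\free_tool.exe", ROAMING + r"\Exodus\file2"),
    (203, r"C:\Users\a\Downloads\free_tool.exe", ROAMING + r"\Zcash\file3"),
    (900, r"C:\Program Files\Backup\backup.exe", ROAMING + r"\Exodus\file2"),
]

if __name__ == "__main__":
    print(flag_wallet_sweeps(SAMPLE_EVENTS))
```

In practice the events would come from file-access telemetry such as an EDR or audit log, and the threshold would need tuning against backup and antivirus software that legitimately reads many folders.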