SantaStealer is a cheap malware that steals credentials, cryptocurrencies and more.

  • SantaStealer targets browsers, wallets, email apps, documents and desktop screenshots.
  • Fourteen modules extract data simultaneously via separate threads of execution.
  • Execution delays are used to reduce the user’s immediate suspicion.

Experts have warned of a new strain of malware called SantaStealer, which offers information theft capabilities through a malware-as-a-service model.

Rapid7 researchers (via BeepTeam) say the operation is a rebranded version of BluelineStealer, whose activity can be traced to Telegram channels and underground forums.

Access is sold through monthly subscriptions that cost between $175 and $300, making the tool more accessible to low-level cybercriminals than advanced operators.

SantaStealer threat

SantaStealer consists of fourteen independent data collection modules, each running on its own thread, which extract browser data, cookies, browsing history, stored payment data, messaging app data, cryptocurrency wallet information and some local documents.

The stolen data is written directly to memory, compressed into ZIP files and sent in 10 MB segments via port 6767 to an encrypted command-and-control server.
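A defender-side triage of network flow logs for the upload pattern described above, as an added example that is not from the article or from Rapid7. The CSV layout, the sample records, the 5% overhead tolerance and the assumption that each segment shows up as its own flow record are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

EXFIL_PORT = 6767                             # port named in the article
SEGMENT_SIZES = (10 * 1000**2, 10 * 1024**2)  # "10 MB" read as decimal or binary
TOLERANCE = 0.05                              # assumed allowance for protocol overhead

# Constructed flow records (not real telemetry): time, src, dst, dst_port, bytes_out
SAMPLE_FLOWS = """\
2025-01-01T10:00:01,10.0.0.5,203.0.113.10,6767,10485760
2025-01-01T10:00:04,10.0.0.5,203.0.113.10,6767,10490112
2025-01-01T10:00:07,10.0.0.5,203.0.113.10,6767,3145728
2025-01-01T10:02:00,10.0.0.8,198.51.100.7,443,10485760
2025-01-01T10:03:00,10.0.0.9,192.0.2.44,6767,2048
"""

def is_full_segment(nbytes):
    """True if an upload is at, or up to TOLERANCE above, a 10 MB segment size."""
    return any(size <= nbytes <= size * (1 + TOLERANCE) for size in SEGMENT_SIZES)

def triage(flow_csv):
    """Group port-6767 uploads by (src, dst) and rate each pair."""
    pairs = defaultdict(lambda: {"full": 0, "total": 0, "flows": 0})
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:
            continue  # tolerate blank lines in the export
        _ts, src, dst, port, nbytes = row
        if int(port) != EXFIL_PORT:
            continue
        stats = pairs[(src, dst)]
        stats["flows"] += 1
        stats["total"] += int(nbytes)
        stats["full"] += is_full_segment(int(nbytes))
    verdicts = {}
    for pair, s in pairs.items():
        # Full-size segments match the chunked upload described in the text;
        # a lone small flow on the port is only worth a closer look.
        level = "high" if s["full"] else "review"
        verdicts[pair] = (level, s["flows"], s["total"])
    return verdicts

if __name__ == "__main__":
    for (src, dst), (level, flows, total) in triage(SAMPLE_FLOWS).items():
        print(f"{level:6} {src} -> {dst}:{EXFIL_PORT} flows={flows} bytes_out={total}")
```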

The malware can also take desktop screenshots while running, and contains an embedded executable designed to bypass Chrome's App-Bound Encryption, a protection introduced in mid-2024.

This method has already been observed in other active data theft campaigns. Additional configuration options allow operators to delay execution, creating an artificial period of inactivity that can reduce immediate suspicion.

SantaStealer can also be configured to avoid systems in the Commonwealth of Independent States region, a restriction common to malware developed by Russian-speaking actors.

Currently, SantaStealer does not appear to be in widespread use, and researchers have not observed a large-scale campaign.

But analysts note that recent threat activity favors ClickFix attacks, which trick users into pasting malicious commands into Windows terminals.

Other possible infection vectors include phishing emails, pirated software installers, torrent downloads, malvertising campaigns and misleading YouTube comments.

Firewall protection alone is unlikely to prevent these socially engineered entry points.

Antivirus detection remains effective on currently observed samples, and malware removal tools can clean affected systems in controlled testing.

Currently, SantaStealer seems to be known more for its marketing than its technological maturity, though future developments may change its impact.
