A new information-stealing malware, SantaStealer, is being actively advertised on Telegram and hacker forums. It is distributed under a CaaS model, according to researchers from Rapid7.

According to their data, SantaStealer is a new name for the malware BluelineStealer. It operates exclusively in memory to avoid detection by antivirus programs.

The developer is conducting an active advertising campaign ahead of a full-scale launch scheduled for the end of the year.

A monthly subscription for CaaS is offered in two variants:

basic — $175;

premium — $300.

Rapid7 specialists analyzed several samples of SantaStealer and gained access to the partner interface. Although the malware includes many data theft mechanisms, it does not live up to its advertised ability to bypass detection systems.

According to the researchers, SantaStealer can be used to steal:

browser passwords, cookies, browsing history, saved bank cards;

data from Telegram, Discord, and Steam;

information from Web3 applications and cryptocurrency wallet extensions;

documents from the device;

screenshots of the user's desktop.
