This is a preview. The full article is published at foxnews.com.

New SantaStealer malware is after your passwords and crypto

By Kurt Knutsson; CyberGuy Report | Latest & Breaking News on Fox News

Christmas is around the corner, and so is the SantaStealer malware. While the name sounds jolly, this malware is more than capable of ruining your happiness this festive season. The worst part is that this new strain is available to almost anyone willing to pay a small fee. It essentially works as malware-as-a-service, letting buyers target people at scale, obviously not for any legitimate use.

SantaStealer is starting to make noise across Telegram channels and underground hacker forums. It is being marketed as a stealthy, memory-only information stealer that can quietly siphon data without leaving obvious traces on disk. Memory-only does not mean undetectable. It simply reduces disk artifacts, which can delay detection rather than prevent it altogether. That promise alone is enough to attract cybercriminals, especially at a time when browser-stored passwords, session cookies and crypto wallets remain high-value targets.

SantaStealer and how it actually works

SantaStealer operates as a malware-as-a-service, charging $175 per month for its basic tier and $300 per month for the premium plan. Researchers at Rapid7 say the operation rebrands an earlier project called BluelineStealer, with a Russian-speaking developer pushing toward a wider launch before the end of the year.

Despite bold claims about evading detection, Rapid7's analysis paints a more grounded picture. The samples they examined were not particularly difficult to analyze and lacked the advanced anti-analysis techniques being advertised, which is good news for us. If it can be detected, security tools have a better chance of removing it before it can do serious damage.

Functionally, SantaStealer is still dangerous. It uses 14 separate data-collection modules that run in parallel, pulling information from browsers, messaging apps like Telegram and Discord, gaming platforms such as Steam, crypto wallet apps and extensions, and even local documents. The malware can also take screenshots of your desktop. Stolen data is written to memory, compressed into ZIP files and sent out in 10MB chunks to a hardcoded command-and-control server.

One notable capability is its use of an embedded executable to get around Chrome's App-Bound Encryption, a security feature introduced in mid-2024. This workaround typically requires the malware to be executed at the user level and is not a remote bypass of Chrome's security model. Similar tricks have already been used by other info-stealers, showing how quickly attackers test and adapt to new browser protections.

What this says about the current threat landscape...
