New SantaStealer malware steals data from browsers, crypto wallets 

Santa apparently doesn’t just bring presents. I say that because a new malware-as-a-service information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection.

Commenting on this is Ensar Seker, CISO at SOCRadar:

“SantaStealer is another reminder of how the threat landscape is evolving into a criminal SaaS economy. What’s particularly concerning is the move toward memory-only operations; this significantly lowers the detection footprint, bypassing traditional AV and EDR tools. The pricing tiers and marketing model mimic legitimate software services, further lowering the barrier to entry for cybercriminals. Attribution to a Russian-speaking developer, rebranding from BluelineStealer, and the use of Telegram for distribution all point to an increasingly professionalized cybercrime ecosystem. Organizations should prioritize behavioral monitoring and memory analysis as part of their defense-in-depth strategy.”

This is yet another case of the bad guys evolving faster than the good guys can keep up. That’s something that needs to change, and quickly.
