
"A new, modular infostealer called SantaStealer, advertised on Telegram with a basic tier priced at $175 per month, promises to make criminals' Christmas dreams come true. It boasts that it can run "fully undetected" even on systems with the "strictest AntiVirus" and those belonging to governments, financial institutions, and other prime targets. Its Russian-speaking operators released the credential- and wallet-stealing malware on Monday, and while infostealers are never welcome news, it does come with a gift to defenders: the samples seen to date are "far from undetectable" and very easy to analyze."
""It's difficult to tell if the samples we observe now are the latest builds of SantaStealer, or if there might be a delay and we are only now seeing earlier versions," Špinka told The Register. "Either way, the payloads we analyzed lacked significantly in anti-analysis and evasion capabilities, only implementing a very basic anti-VM/anti-debugging check." He added that the samples analyzed by the malware-hunting team "include original names of functions and global variables and do not perform any kind of string encryption or code obfuscation, making analysis rather simple.""
"Still, it is an infostealer, and this type of malware is a favorite of ransomware gangs and other financially motivated criminals to gain initial access to victims' IT systems. So it's not something that you want to inadvertently download and run on your computer, thus giving attackers your stored usernames and passwords for sensitive accounts and corporate networks. We recommend avoiding unrecognized links and email attachments as well as watching out for fake human verification or tech support instructions to run commands on your computer."
SantaStealer is a modular infostealer sold on Telegram, with a basic tier priced at $175 per month, whose operators claim it runs fully undetected even on hardened, high-value targets. The Russian-speaking operators released the credential- and wallet-stealing malware on Monday, but the samples analysts have examined so far are far from undetectable and straightforward to analyze: they implement only a very basic anti-VM/anti-debugging check, retain the original function and global variable names, and use no string encryption or code obfuscation. Infostealers remain a common initial-access tool for ransomware gangs and other financially motivated criminals, so credentials stolen this way can open the door to sensitive accounts and corporate networks. Users should avoid unrecognized links and attachments, and be wary of fake human-verification or tech-support prompts that instruct them to run commands on their machine.
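The properties Špinka describes above, plaintext strings, retained identifier names and only a basic anti-VM/anti-debugging check, are the first things an analyst measures when triaging a new sample. The following Python script is an added example written for this page; it is not code from The Register or from the SantaStealer analysis. It extracts printable strings from a file, computes byte entropy (values near 8 suggest packing or encryption, which these samples reportedly lack), lists underscore-style identifiers that an unstripped build leaves behind, and flags API and VM-vendor names commonly seen in basic anti-analysis checks. The marker list and the embedded sample bytes are constructed assumptions: the article does not say which check SantaStealer performs, and the sample is not SantaStealer.

```python
#!/usr/bin/env python3
"""Quick triage of how 'analyzable' a binary is: strings, entropy, anti-analysis markers."""
import math
import re
import sys
from collections import Counter

# Assumed list of names that commonly show up in basic anti-debug/anti-VM checks.
# The article does not name the check SantaStealer uses; this list is illustrative.
ANTI_ANALYSIS_MARKERS = (
    b"IsDebuggerPresent",
    b"CheckRemoteDebuggerPresent",
    b"NtQueryInformationProcess",
    b"OutputDebugStringA",
    b"GetTickCount",
    b"VMware",
    b"VBOX",
    b"QEMU",
)

# Runs of 6+ printable ASCII bytes, the same heuristic as the `strings` tool.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# A C-style identifier; combined with an underscore check below it picks out
# names such as steal_browser_creds that an unstripped build leaves in place.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Plain code/text sits well below 7; packed or encrypted data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data: bytes) -> list:
    """Printable ASCII runs of at least six bytes, in file order."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)]


def triage(data: bytes) -> dict:
    """Summarise the indicators that make a sample easy (or hard) to analyse."""
    strings = extract_strings(data)
    entropy = shannon_entropy(data)
    return {
        "entropy": round(entropy, 2),
        "likely_packed_or_encrypted": entropy > 7.2,
        "string_count": len(strings),
        "identifier_like_strings": [s for s in strings if IDENTIFIER.fullmatch(s) and "_" in s],
        "anti_analysis_markers": sorted(m.decode() for m in ANTI_ANALYSIS_MARKERS if m in data),
    }


# Constructed stand-in for a sample (NOT SantaStealer; every name here is invented):
# NUL padding and a few non-printable bytes around plaintext API names, identifiers
# and a C2-looking URL, the way an unobfuscated build would look under `strings`.
SAMPLE = (
    b"\x00" * 64
    + b"IsDebuggerPresent\x00GetTickCount\x00"
    + b"\x90" * 32
    + b"steal_browser_creds\x00dump_wallet_files\x00g_telegram_token\x00"
    + b"https://example.invalid/gate.php\x00"
    + b"\x00" * 128
)


def main(argv):
    # Pass a file path to triage a real sample; with no argument the constructed SAMPLE is used.
    data = open(argv[1], "rb").read() if len(argv) > 1 else SAMPLE
    for key, value in triage(data).items():
        print(f"{key}: {value}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python3 triage.py sample.bin` against a real file. Treat the output as triage hints rather than a verdict: a high entropy score only says the bytes look compressed or encrypted, and compiled .NET or Go binaries keep many readable strings regardless of the author's intent, so confirm what the markers are actually used for in a disassembler.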
Read at Theregister