Rapid7 Labs has identified a new malware-as-a-service information stealer being actively promoted through Telegram channels and on underground hacker forums. The stealer is advertised under the name “SantaStealer” and is planned to be released before the end of 2025.
Open source intelligence suggests that it recently underwent a rebranding from the name “BluelineStealer.” The malware collects and exfiltrates sensitive documents, credentials, wallets, and data from a broad range of applications, and aims to operate entirely in-memory to avoid file-based detection. Stolen data is then compressed, split into 10 MB chunks, and sent to a C2 server over unencrypted HTTP.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New ‘warshipping’ technique gives hackers access to enterprise offices
August 7, 2019
Researchers have described a new technique which could be used by cyberattackers to infiltrate corporate setups — with a little help from your friendly neighborhood delivery workers. On Wednesday, Charles Henderson, Global Managing Partner of IBM X- Force Red documented the theoretical method known as warshipping. The technique builds upon wardialing — in which numbers are called en masse ...
- Microsoft Says Russia’s Strontium Behind IoT Hacks
August 7, 2019
Russian hackers have been identified by security experts at Microsoft as being behind a series of attacks on IoT devices. Microsoft’s Threat Intelligence Center said in a blog posting that the Russian state-linked hackers were Strontium. The Strontium hackers are also known as the Fancy Bear group, or alternatively ‘APT28′ and are closely linked to the Russian military intelligence ...
- New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits
August 6, 2019
A newly uncovered vulnerability affecting every Windows computer using an Intel processor built since 2012 could allow attackers to bypass safeguards and access information held in a system’s protected kernel memory. This new side-channel attack is built on previous research into other CPU vulnerabilities – such as Spectre and Meltdown – but this new vulnerability can bypass the ...
- LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks
August 6, 2019
First advertised as an information stealer and keylogger when it first appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing malicious ISO file attachments. Our analysis of a new LokiBot variant shows that ...
- Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs
August 6, 2019
Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required. Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is ...
- Cyberattacks against industrial targets have doubled over the last 6 months
August 5, 2019
Cyberattacks designed to cause damage have doubled in the past six months and 50 percent of organizations affected are in the manufacturing sector, researchers say. On Monday, IBM’s X-Force IRIS incident response team published new research based on recent cyberattacks they have been called in to assist with, and the main trend the group is witnessing is the ...