Rapid7 Labs has identified a new malware-as-a-service information stealer being actively promoted through Telegram channels and on underground hacker forums. The stealer is advertised under the name “SantaStealer” and is planned to be released before the end of 2025.
Open source intelligence suggests that it recently underwent a rebranding from the name “BluelineStealer.” The malware collects and exfiltrates sensitive documents, credentials, wallets, and data from a broad range of applications, and aims to operate entirely in-memory to avoid file-based detection. Stolen data is then compressed, split into 10 MB chunks, and sent to a C2 server over unencrypted HTTP.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Banks Under Attack: Tactics and Techniques Used to Target Financial Organizations
February 8, 2019
US$100 – 300 billion: That’s the estimated losses that financial institutions can potentially incur annually from cyberattacks. Despite the staggering amount, it’s unsurprising — over the past three years, several banks suffered $87 million in combined losses from attacks that compromised their SWIFT (Society for Worldwide Interbank Financial Telecommunication)infrastructures. That’s just the tip of the iceberg: A ...
- New macOS zero-day allows theft of user passwords
February 6, 2019
A German security researcher has published a video over the weekend showing a new zero-day affecting Apple’s macOS desktop operating system. In an interview to German tech site Heise, Linus Henze, the security researcher, says the vulnerability allows a malicious app running on a macOS system to get access to passwords stored inside the Keychain –the password management ...
- Android Phones Can Get Hacked Just by Looking at a PNG Image
February 6, 2019
Using an Android device? Beware! You have to remain more caution while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps. Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of Google’s mobile ...
- Pro-Tibet groups targeted with ExileRAT in spy campaign
February 5, 2019
Researchers have uncovered a new cyberespionage campaign which is targeting pro-Tibetan individuals in order to distribute the ExileRAT Trojan. On Monday, researchers from Cisco Talos said that the new campaign delivers a malicious Microsoft PowerPoint document containing the Remote Access Trojan (RAT) which is capable of stealing system and personal information, terminating or launching processes, surveillance and the ...
- The APT Name Game: How Grim Threat Actors Get Goofy Monikers
February 5, 2019
What’s in a name? When it comes to advanced persistent threat groups, it is often quite a bit. While their monikers’ may seem whimsical – Fancy Bear, Nomadic Octopus, Ocean Lotus and Darkhotel – the reality is these are not arbitrary names. In fact, many are similar to schoolyard nicknames or a type of shorthand – ...
- Sophisticated new phishing campaign targets the C-suite
February 5, 2019
A new phishing campaign to steal login credentials is being launched on businesses – specifically the C-suite. Researchers at GreatHorn first discovered the campaign which targets senior executives by claiming to be from the company’s CEO. The fake email regards the rescheduling of a board meeting. By following the link from this email and users are greeted with a ...