Beware Of SantaStealer Malware, The Unwanted Gift That Keeps On Pilfering

Security researchers at Rapid7 Labs have unmasked a new piece of malware dubbed SantaStealer, which got its name due to the proximity of Christmas. If this app makes its way down the chimney, though, it’s looking for more than just milk and cookies.

Attackers can utilize SantaStealer to steal a variety of data from unsuspecting Windows users. It will hoover up documents, crypto wallets, login credentials, and data associated with a variety of applications including Discord and Steam. Once this data is collected, it’s compressed and divided into 10MB chunks and sent back to a command and control (C2) server.

Image of SantaStealer plans, by Rapid7 Labs.

What might make SantaStealer a significant problem moving forward is just how accessible it is. It’s offered in two flavors, a basic plan at $175 a month and a premium plan at $300 a month. Interested buyers can gain access through a web panel and dedicated Telegram channel.

Thankfully, SantaStealer falls short of many of the lofty claims made by its developers. For example, it promises that it’s an undetectable piece of malware, but the security researchers were able to detect it and analyze it in short order. It also fails to encrypt a victim’s data when it tries to send it back to the C2 server. However, it’s still in active development and the promised evasion features may be added down the line.

To stay safe and avoid having to deal with the headache of being hit by any malware, including SantaStealer, Rapid7 Labs recommends users be mindful of any links they click and of suspicious e-mail attachments, and keep their systems patched and anti-virus software up to date. Additionally, it’s wise to stay away from pirated software and unverified web browser plugins and extensions.

Alan Velasco

Opinions and content posted by HotHardware contributors are their own.