SantaStealer zeroes in on crypto wallets as main target

The post SantaStealer zeroes in on crypto wallets as main target appeared on BitcoinEthereumNews.com.

SantaStealer is a new information-stealing malware that targets crypto wallets. The malware-as-a-service (MaaS) extracts private data linked to any type of crypto. Researchers at Rapid7 say that SantaStealer is a rebrand of another infostealer called BluelineStealer. The developer of SantaStealer is rumored to be preparing a wider launch before the year ends. At the moment, the malware is advertised on Telegram and hacker forums, and offered as a subscription service. Basic access costs $175 per month, while Premium access is more expensive and costs $300. The SantaStealer malware developers claim enterprise-level capability with antivirus bypasses and corporate network access. SantaStealer targets crypto wallets Crypto wallets are the main focus of SantaStealer. The malware targets crypto wallet apps like Exodus and browser extensions like MetaMask. It is designed to extract private data linked to digital assets. The malware doesn’t stop there. It also steals browser data, including passwords, cookies, browsing history, and saved credit card information. Messaging platforms such as Telegram and Discord are targeted as well. Steam data and local documents are included. The malware can also capture desktop screenshots. To do this, it drops or loads an embedded executable. That executable decrypts and injects code into the browser. This allows access to protected keys. SantaStealer advertisement in Russian and English. Source: Rapid7. SantaStealer runs many data collection modules simultaneously. Each module operates in its own thread. Stolen data is written to memory, compressed into ZIP files, and exfiltrated in 10MB chunks. The data is sent to a hardcoded command-and-control server over port 6767. To reach wallet data stored in browsers, the malware bypasses Chrome’s App-Bound Encryption, which was introduced in July of 2024. According to Rapid7, multiple info-stealers have already defeated it. The malware is marketed as advanced, with total evasion. But Rapid7 security researchers say the malware does…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ December 21, 2025 9:20 am