Saintstealer Malware

Security researchers recently detailed a new malicious payload. The malware in question is an infostealer with rich functionality that was codenamed Saintstealer.

Saintstealer can scrape and exfiltrate both system information and assorted credential data. Distributed under the filename "saintgang.exe", Saintstealer is compiled as a 32-bit executable that uses the .NET framework. As can be expected, the malware has built-in anti-virtualization measures so that it can avoid honeypots and researcher testbeds.

The infostealer goes beyond what most similar malware can do. Saintstealer can grab form autofill data from Chrome and Edge, and steal cookies and passwords. It can also intercept Discord multi-factor authentication tokens and steal information from installed instances of Telegram and a number of popular VPN applications. The malware can also collect plain text and MS Word documents.

Once data collection is complete, Saintstealer zips everything up in a single archive file, puts a password on it, and sends it to the malware operators. In addition to this, the metadata recorded during the collection and exfiltration process is passed to the malware's command and control server.
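The collect-then-archive sequence described above can be turned into a behavioral detection. The following is an added example, not code from the researchers' report: it flags any process that reads credential stores belonging to two or more other applications and then writes a zip archive. The store paths are the applications' standard default locations (an assumption, not indicators from the report), and the event tuples are constructed sample telemetry.

```python
import re
from collections import defaultdict

# Assumption: default on-disk locations of the stores the article lists and the
# process that legitimately owns each one. These are not IoCs from the report.
STORES = {
    "chrome": (r"\\Google\\Chrome\\User Data\\.*\\(Login Data|Web Data|Cookies)$", "chrome.exe"),
    "edge": (r"\\Microsoft\\Edge\\User Data\\.*\\(Login Data|Web Data|Cookies)$", "msedge.exe"),
    "discord": (r"\\discord\\Local Storage\\leveldb\\", "discord.exe"),
    "telegram": (r"\\Telegram Desktop\\tdata\\", "telegram.exe"),
}

def foreign_store(path, image):
    """Return the store name when `image` reads a store it does not own."""
    for name, (pattern, owner) in STORES.items():
        if re.search(pattern, path, re.I) and image.lower() != owner:
            return name
    return None

def flag_stealer_like(events, min_stores=2):
    """Flag processes that read >= min_stores foreign stores, then write a .zip.

    `events` is a time-ordered list of (pid, image, action, path) tuples.
    """
    touched, hits = defaultdict(set), {}
    for pid, image, action, path in events:
        key = (pid, image)
        if action == "read":
            store = foreign_store(path, image)
            if store:
                touched[key].add(store)
        elif action == "write" and path.lower().endswith(".zip"):
            if len(touched[key]) >= min_stores:
                hits[key] = sorted(touched[key])
    return hits

# Constructed sample telemetry (hypothetical user, PIDs and archive name).
A = r"C:\Users\alice\AppData"
SAMPLE_EVENTS = [
    (100, "chrome.exe", "read", A + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    (200, "saintgang.exe", "read", A + r"\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    (200, "saintgang.exe", "read", A + r"\Local\Microsoft\Edge\User Data\Default\Web Data"),
    (200, "saintgang.exe", "read", A + r"\Roaming\discord\Local Storage\leveldb\000005.ldb"),
    (200, "saintgang.exe", "write", A + r"\Local\Temp\collected.zip"),
    (300, "backup.exe", "write", r"C:\Backups\docs.zip"),
]

if __name__ == "__main__":
    print(flag_stealer_like(SAMPLE_EVENTS))
```

Because the rule keys on behavior rather than on the filename, it still fires if the executable is renamed; only the owning applications themselves are exempt from the store-access check.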

The IP address that Saintstealer uses as its server infrastructure is the same one used by older infostealer threats such as EchelonStealer and QuasarRAT.

Saintstealer is sold as a subscription service, for $100 per month. A one-time purchase lifetime "license" to the malicious tool is also offered on hacker forums for the sum of $900.

Infostealers may seem like a relatively low-threat category of malware, but in reality, depending on the nature of the information stolen, they can cause significant damage to organizations, commercial entities and home users alike.

May 11, 2022