The Reveal Platform
Intel Name: Santastealer is coming to town: a new, ambitious infostealer advertised on underground forums
Date of Scan: December 23, 2025
Impact: High
Summary: SantaStealer is a newly emerging malware-as-a-service infostealer promoted on Telegram and underground forums, with a planned release before the end of 2025. Recently rebranded from BluelineStealer, it is designed to steal credentials, documents, wallets, and application data while operating entirely in memory to evade detection. Although marketed as a highly advanced, fully undetected C-based stealer, available samples show limited obfuscation, allowing researchers to assess its actual capabilities and sophistication.
