A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads.
Dubbed “Saint Bot,” the malware is said to have first appeared on the scene in January 2021, with indications that it’s under active development.
“Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was seen dropping stealers (i.e. Taurus Stealer) or further loaders (example), yet its design allows [it] to utilize it for distributing any kind of malware,” said Aleksandra “Hasherezade” Doniec, a threat intelligence analyst at Malwarebytes.
