A double-pronged cybersecurity crisis is unfolding this week as the notorious hacking collective ShinyHunters demands a Bitcoin ransom from adult entertainment giant Pornhub, while a separate malware-as-a-service (MaaS) operation dubbed “SantaStealer” has begun flooding hacker forums with capabilities designed to drain crypto wallets.
The Mixpanel Supply Chain Attack
ShinyHunters, the group previously linked to the Ticketmaster and Santander breaches, is actively extorting Pornhub after compromising Mixpanel, a third-party analytics provider. The hackers claim to possess 94GB of data representing 200 million records, including the granular search and watch history of Premium users.
While Pornhub confirmed the supply chain incident, stating that “passwords, payment details, and financial information remain secure,” the hackers' leverage is reputational damage. ShinyHunters is demanding an undisclosed sum in Bitcoin (BTC) to prevent the public release of the database. This tactic shifts the focus from financial theft to “privacy extortion,” a growing trend where on-chain payments are the only exit for compromised entities.
“We demand a ransom payment in Bitcoin to prevent the publication of data and to delete the data.” — ShinyHunters (via Reuters)
‘SantaStealer’ Emerges on Telegram
Coinciding with the high-profile extortion attempt is the discovery of SantaStealer, a rebranded version of the “BluelineStealer” malware now being auctioned on Telegram as a service. Rapid7 researchers identified the tool, which is explicitly engineered to bypass antivirus detection by operating solely in system memory.
The malware’s primary directive is asset liquidation. It targets:
- Crypto Wallet Extensions: MetaMask, Phantom, and Coinbase Wallet data.
- Session Tokens: Discord and Telegram credentials (often used to bypass 2FA).
- Browser Data: Saved passwords and cookies.
The simultaneous rise of supply chain exploits like the Mixpanel breach and retail-focused drainers like SantaStealer highlights a bifurcated threat landscape. Institutions are being held hostage for Bitcoin, while individual users face automated draining tools sold for as little as $175/month.