A brief look at all things infostealers for the week 2, 2025 (06.01.2025–12.01.2025). This week observed updates in LummaC2 and MintStealer infostealers. Grabbed some meaningless numbers from marketplaces and have some interesting reports about stealers.
Infostealer Updates
LummaC2
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English)
Update 7.01
- Fixed a bug where the search page might not open without results
- Fixed “No duplicates” search
- Fixed a bug where random characters could be added when changing the address in the clipper
- Replaced common gaskets
- Cleaning WD 10/11 + Cloud
Screenshot from XSS forum
Mint Stealer
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English)
Dear Mint Stealer customers,
The version 1.2.1 (beta 2) of mint stealer is OUT, what’s new?
● reFUD
● Adding Discord token in archive with details like if nitro or not… (was only on the panel)
● Adding Discord token in parsed (only tokens without details)
● Fix Chrome/Edge Cookies parsing
● Fix realtime detections with CMD/PS1 commands (we will use Win32API instead)
● Rename Roblox [LAUNCHER] to Roblox Launcher
● Rename Category to Parsed
and some other things (would be a too long list)
Screenshot from Telegram channel
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, and the victim numbers in the countries of the Nordic region.
RussianMarket
Stealers by number of victims
Stealer name | Number of victims |
---|---|
Lumma | 6,276,516 |
RisePro | 1,430,579 |
Vidar | 1,293,232 |
StealC | 999,432 |
RedLine | 790,822 |
Raccoon | 331,071 |
Top 5 countries by number of victims
Country | Number of victims |
---|---|
India | 1,071,799 |
Brazil | 894,862 |
Indonesia | 590,277 |
Egypt | 568,457 |
Pakistan | 550,685 |
Nordic region countries
Country | Number of victims |
---|---|
Sweden | 17,709 |
Denmark | 9,381 |
Norway | 7,266 |
Finland | 6,326 |
Iceland | 896 |
Faroe | 83 |
Åland | 14 |
ExodusMarket
Stealers by number of victims
Stealer name | Number of victims |
---|---|
RedLine | 82,816 |
Lumma | 38,044 |
Vidar | 56 |
Unknown | 10 |
Top 5 countries by number of victims
Country | Number of victims |
---|---|
Peru | 7,306 |
Turkey | 7,182 |
India | 6,308 |
Pakistan | 6,285 |
Vietnam | 5,824 |
Nordic region countries
Country | Number of victims |
---|---|
Norway | 144 |
Sweden | 96 |
Denmark | 47 |
Finland | 44 |
Iceland | 10 |
Articles/News
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
- https://www.trendmicro.com/en_us/research/25/a/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html
Cracking the Code: How Banshee Stealer Targets macOS Users
- https://blog.checkpoint.com/research/cracking-the-code-how-banshee-stealer-targets-macos-users/