A brief look at all things infostealers for week 3, 2025 (13.01.2025–19.01.2025). This week saw updates to the LummaC2 and Xerph infostealers. Also included are some numbers from marketplaces and some interesting reports about stealers.
Infostealer Updates
Xerph
Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English)
Xerph 1.1.6 Loader + Stealer (Update)
Changes:
IP blacklisting has been added
Screenshot from XSS forum
LummaC2
Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English)
Update 11.01
- Cleaning WD 10/11 + Cloud
- Cleaning LNK builder
Screenshot from XSS forum
Update 15.01
- Improved search by url
- Improved password search + fixed .txt loading
- Improved password filter handling
- Added ability to output different number of logs per page
- Added method to get all logs via API
- Common gaskets replaced
- Cleaning WD 10/11 + Cloud
Screenshot from XSS forum
Update 18.01
- Cleaned up WD 10/11 + Cloud
- Changed gasket encryption method
Screenshot from XSS forum
Marketplace Updates
This section provides numbers taken from the marketplaces: victim counts per stealer, the top 5 countries by victim count, and victim counts for the countries of the Nordic region.
RussianMarket
Stealers by number of victims
StealC has reached 1 million infections!
Stealer name | Number of victims |
---|---|
Lumma | 6,462,235 |
RisePro | 1,430,357 |
Vidar | 1,292,951 |
StealC | 1,000,415 |
RedLine | 790,630 |
Raccoon | 330,930 |
Top 5 countries by number of victims
Country | Number of victims |
---|---|
India | 1,097,525 |
Brazil | 908,871 |
Indonesia | 604,540 |
Egypt | 578,718 |
Pakistan | 558,112 |
Nordic region countries
Country | Number of victims |
---|---|
Sweden | 18,009 |
Denmark | 9,584 |
Norway | 7,401 |
Finland | 6,434 |
Iceland | 918 |
Faroe | 84 |
Åland | 15 |
ExodusMarket
Stealers by number of victims
Stealer name | Number of victims |
---|---|
RedLine | 87,995 |
Lumma | 54,959 |
Vidar | 56 |
Unknown | 10 |
Top 5 countries by number of victims
Country | Number of victims |
---|---|
Peru | 7,305 |
Turkey | 7,179 |
India | 6,307 |
Pakistan | 6,284 |
Vietnam | 5,823 |
Nordic region countries
Country | Number of victims |
---|---|
Norway | 144 |
Sweden | 96 |
Denmark | 47 |
Finland | 44 |
Iceland | 10 |
Articles/News
What is this Stealer
- https://github.com/MalBeacon/what-is-this-stealer
Infostealer Infections Lead to Telefonica Ticketing System Breach
- https://www.securityweek.com/infostealer-infections-lead-to-telefonica-internal-ticketing-system-breach/
How Cracks and Installers Bring Malware to Your Device
- https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html
MintsLoader: StealC and BOINC Delivery
- https://www.esentire.com/blog/mintsloader-stealc-and-boinc-delivery
Hunting Infostealers: A Practical Approach
- https://www.gov.il/BlobFolder/reports/alert_1848/he/ALERT-CERT-IL-W-1848.pdf