All things infostealers. Week 4, 2025


A brief look at all things infostealers for week 4, 2025 (20.01.2025–26.01.2025). This week saw updates to the LummaC2 infostealer. I also grabbed some numbers from the marketplaces and collected some interesting reports and articles about stealers.

Infostealer Updates

LummaC2

Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English).

Update 23.01

  1. Added cookie activator in loader
  2. Added new type of ZIP loader, to execute EXE from archive together with additional libraries
  3. Clean WD 10/11 + Cloud

Screenshot from XSS forum


mintStealer

mintStealer has updates of a sort: one post gives the number of infections they have achieved, and a following post provides a “full” list of their software's features. For your convenience, I have archived their long paste: https://archive.ph/BKl04

Screenshot from Telegram channel


Marketplace Updates

This section provides some numbers taken from the marketplaces: the number of victims per stealer, the top 5 countries by number of victims, and the victim numbers for the countries of the Nordic region.

RussianMarket

Stealers by number of victims

| Stealer name | Number of victims |
|---|---|
| Lumma | 6,684,288 |
| RisePro | 1,430,298 |
| Vidar | 1,292,791 |
| StealC | 1,003,173 |
| RedLine | 790,549 |
| Raccoon | 330,811 |

Top 5 countries by number of victims

| Country | Number of victims |
|---|---|
| India | 1,125,632 |
| Brazil | 925,001 |
| Indonesia | 619,591 |
| Egypt | 589,627 |
| Pakistan | 568,975 |

Nordic region countries

| Country | Number of victims |
|---|---|
| Sweden | 18,416 |
| Denmark | 9,858 |
| Norway | 7,607 |
| Finland | 6,556 |
| Iceland | 942 |
| Faroe | 90 |
| Åland | 15 |

ExodusMarket

Stealers by number of victims

| Stealer name | Number of victims |
|---|---|
| RedLine | 84,147 |
| Lumma | 69,923 |
| Vidar | 56 |
| Unknown | 10 |

Top 5 countries by number of victims

| Country | Number of victims |
|---|---|
| Peru | 7,306 |
| Turkey | 7,178 |
| India | 6,309 |
| Pakistan | 6,285 |
| Vietnam | 5,822 |

Nordic region countries

| Country | Number of victims |
|---|---|
| Norway | 144 |
| Sweden | 96 |
| Denmark | 47 |
| Finland | 44 |
| Iceland | 10 |

Articles/News

Homebrew macOS Users Targeted With Information Stealer Malware

  • https://www.securityweek.com/homebrew-macos-users-targeted-with-information-stealer-malware/

Hundreds of fake Reddit sites push Lumma Stealer malware

  • https://www.bleepingcomputer.com/news/security/hundreds-of-fake-reddit-sites-push-lumma-stealer-malware/

Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection

  • https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection

Lumma Stealer Malware Updated to Use ChaCha20 Cipher for Config Decryption

  • https://www.esentire.com/blog/lumma-stealer-malware-updated-to-use-chacha20-cipher-for-config-decryption

Lumma Stealer Q&A

  • https://g0njxa.medium.com/lumma-stealer-q-a-5440ae9f0d9f