A brief look at all things infostealers for week 4, 2025 (20.01.2025–26.01.2025). This week saw updates to the LummaC2 infostealer. I also grabbed some numbers from the marketplaces and collected some interesting reports and articles about stealers.
Infostealer Updates
LummaC2
Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English).
Update 23.01
- Added cookie activator in loader
- Added new type of ZIP loader, to execute EXE from archive together with additional libraries
- Clean WD 10/11 + Cloud
Screenshot from XSS forum
mintStealer
mintStealer has updates of a sort: one post on the number of infections they have achieved, and a following post giving the “full” list of features of their software. For your convenience, I have archived their long paste: https://archive.ph/BKl04
Screenshot from Telegram channel
Marketplace Updates
This section provides some numbers taken from the marketplaces: the number of victims per stealer, the top 5 countries by number of victims, and the victim numbers for the countries of the Nordic region.
RussianMarket
Stealers by number of victims
Stealer name | Number of victims |
---|---|
Lumma | 6,684,288 |
RisePro | 1,430,298 |
Vidar | 1,292,791 |
StealC | 1,003,173 |
RedLine | 790,549 |
Raccoon | 330,811 |
Top 5 countries by number of victims
Country | Number of victims |
---|---|
India | 1,125,632 |
Brazil | 925,001 |
Indonesia | 619,591 |
Egypt | 589,627 |
Pakistan | 568,975 |
Nordic region countries
Country | Number of victims |
---|---|
Sweden | 18,416 |
Denmark | 9,858 |
Norway | 7,607 |
Finland | 6,556 |
Iceland | 942 |
Faroe | 90 |
Åland | 15 |
ExodusMarket
Stealers by number of victims
Stealer name | Number of victims |
---|---|
RedLine | 84,147 |
Lumma | 69,923 |
Vidar | 56 |
Unknown | 10 |
Top 5 countries by number of victims
Country | Number of victims |
---|---|
Peru | 7,306 |
Turkey | 7,178 |
India | 6,309 |
Pakistan | 6,285 |
Vietnam | 5,822 |
Nordic region countries
Country | Number of victims |
---|---|
Norway | 144 |
Sweden | 96 |
Denmark | 47 |
Finland | 44 |
Iceland | 10 |
Articles/News
Homebrew macOS Users Targeted With Information Stealer Malware
- https://www.securityweek.com/homebrew-macos-users-targeted-with-information-stealer-malware/
Hundreds of fake Reddit sites push Lumma Stealer malware
- https://www.bleepingcomputer.com/news/security/hundreds-of-fake-reddit-sites-push-lumma-stealer-malware/
Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection
- https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection
Lumma Stealer Malware Updated to Use ChaCha20 Cipher for Config Decryption
- https://www.esentire.com/blog/lumma-stealer-malware-updated-to-use-chacha20-cipher-for-config-decryption
Lumma Stealer Q&A
- https://g0njxa.medium.com/lumma-stealer-q-a-5440ae9f0d9f