A brief look at all things infostealers for the week 5, 2025 (27.01.2025–02.02.2025). This week observed updates from LummaC2 and StealC infostealers. Grabbed some numbers from marketplaces and have some interesting reports/articles about stealers.
Infostealer Updates
LummaC2
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English)
Update 29.01
- Fixed CPU Vendor display in System.txt
- Cleaned WD 10/11 + Cloud
Screenshot from XSS forum
Update 1.02
- Added the ability to search for undownloaded logs via API
- The statistics page is 70% faster
- Fixed a bug where fields in the loader might not be displayed
- Common gaskets replaced
- Cleaning WD 10/11 + Cloud
Screenshot from XSS forum
StealC
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English)
update stealc v1.12.2
Changelist:
build:
- continue to improve data collection from chromium
- fix bugs in code
Screenshot from XSS forum
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, and the victim numbers in the countries of the Nordic region.
RussianMarket
Stealers by number of victims
Stealer name | Number of victims |
---|---|
Lumma | 6,904,733 |
RisePro | 1,430,236 |
Vidar | 1,293,720 |
StealC | 1,003,973 |
RedLine | 790,485 |
Raccoon | 330,756 |
Top 5 countries by number of victims
Country | Number of victims |
---|---|
India | 1,157,327 |
Brazil | 941,070 |
Indonesia | 634,232 |
Egypt | 598,213 |
Pakistan | 578,791 |
Nordic region countries
Country | Number of victims |
---|---|
Sweden | 18,878 |
Denmark | 10,136 |
Norway | 7,798 |
Finland | 6,724 |
Iceland | 969 |
Faroe | 91 |
Åland | 15 |
ExodusMarket
Stealers by number of victims
Stealer name | Number of victims |
---|---|
RedLine | 82,790 |
Lumma | 70,968 |
Vidar | 56 |
Unknown | 10 |
Top 5 countries by number of victims
Country | Number of victims |
---|---|
Peru | 7,306 |
Turkey | 7,178 |
India | 6,309 |
Pakistan | 6,285 |
Vietnam | 5,822 |
Nordic region countries
Country | Number of victims |
---|---|
Norway | 144 |
Sweden | 96 |
Denmark | 47 |
Finland | 44 |
Iceland | 10 |
Articles/News
Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response
- https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html
No need to RSVP: a closer look at the Tria stealer campaign
- https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/115295/
Unmasking FleshStealer: A New Infostealer Threat in 2025
- https://flashpoint.io/blog/fleshstealer-infostealer-threat-2025/
Banshee Rust Rewrite?
- https://www.kandji.io/blog/banshee-rust-rewrite
“Crazy Evil” Cryptoscam Gang: Unmasking a Global Threat in 2024
- https://www.recordedfuture.com/research/crazy-evil-cryptoscam-gang