All things infostealers. Week 5, 2025


A brief look at all things infostealers for week 5, 2025 (27.01.2025–02.02.2025). This week saw updates from the LummaC2 and StealC infostealers. Also included are some numbers from marketplaces and some interesting reports/articles about stealers.

Infostealer Updates

LummaC2

Note: The update posts are copy-pasted as is (and machine-translated if the post wasn't available in English).

Update 29.01

  1. Fixed CPU Vendor display in System.txt
  2. Cleaned WD 10/11 + Cloud

Screenshot from XSS forum

Update 1.02

  1. Added the ability to search for undownloaded logs via API
  2. The statistics page is 70% faster
  3. Fixed a bug where fields in the loader might not be displayed
  4. Common gaskets replaced
  5. Cleaning WD 10/11 + Cloud

Screenshot from XSS forum


StealC

Note: The update posts are copy-pasted as is (and machine-translated if the post wasn't available in English).

update stealc v1.12.2

Changelist:

build:

  • continue to improve data collection from chromium
  • fix bugs in code

Screenshot from XSS forum


Marketplace Updates

This section provides some numbers taken from the marketplaces: the number of victims per stealer, the top 5 countries by number of victims, and the victim numbers in the countries of the Nordic region.

RussianMarket

Stealers by number of victims

| Stealer name | Number of victims |
|---|---|
| Lumma | 6,904,733 |
| RisePro | 1,430,236 |
| Vidar | 1,293,720 |
| StealC | 1,003,973 |
| RedLine | 790,485 |
| Raccoon | 330,756 |

Top 5 countries by number of victims

| Country | Number of victims |
|---|---|
| India | 1,157,327 |
| Brazil | 941,070 |
| Indonesia | 634,232 |
| Egypt | 598,213 |
| Pakistan | 578,791 |

Nordic region countries

| Country | Number of victims |
|---|---|
| Sweden | 18,878 |
| Denmark | 10,136 |
| Norway | 7,798 |
| Finland | 6,724 |
| Iceland | 969 |
| Faroe | 91 |
| Åland | 15 |

ExodusMarket

Stealers by number of victims

| Stealer name | Number of victims |
|---|---|
| RedLine | 82,790 |
| Lumma | 70,968 |
| Vidar | 56 |
| Unknown | 10 |

Top 5 countries by number of victims

| Country | Number of victims |
|---|---|
| Peru | 7,306 |
| Turkey | 7,178 |
| India | 6,309 |
| Pakistan | 6,285 |
| Vietnam | 5,822 |

Nordic region countries

| Country | Number of victims |
|---|---|
| Norway | 144 |
| Sweden | 96 |
| Denmark | 47 |
| Finland | 44 |
| Iceland | 10 |

Articles/News

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response

  • https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html

No need to RSVP: a closer look at the Tria stealer campaign

  • https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/115295/

Unmasking FleshStealer: A New Infostealer Threat in 2025

  • https://flashpoint.io/blog/fleshstealer-infostealer-threat-2025/

Banshee Rust Rewrite?

  • https://www.kandji.io/blog/banshee-rust-rewrite

“Crazy Evil” Cryptoscam Gang: Unmasking a Global Threat in 2024

  • https://www.recordedfuture.com/research/crazy-evil-cryptoscam-gang