A brief look at all things infostealers for the week 6, 2025 (03.02.2025–09.02.2025). This week observed updates from LummaC2 infostealer. Grabbed some numbers from marketplaces and have some interesting reports/articles about stealers.
Infostealer Updates
LummaC2
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English)
Update 6.02
- Improved parsing of installed antiviruses
- Improved the behavior of the knocking statistics, now the target values are adjusted automatically
- Increased security of sessions in the panel
- Fixed a bug in the build when System.txt might not always arrive
- Cleaning WD 10/11 + Cloud
Screenshot from XSS forum
Update 9.02
Added “improved proxies”. This means that if the proxy is banned, you can replace it at any time and keep the knock.
Screenshot from XSS forum
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, and the victim numbers in the countries of the Nordic region.
RussianMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 7,172,570 |
| RisePro | 1,430,151 |
| Vidar | 1,293,553 |
| StealC | 1,005,663 |
| RedLine | 790,409 |
| Raccoon | 330,650 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,194,543 |
| Brazil | 959,400 |
| Indonesia | 651,175 |
| Egypt | 609,583 |
| Pakistan | 591,595 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 19,331 |
| Denmark | 10,408 |
| Norway | 7,987 |
| Finland | 6,867 |
| Iceland | 999 |
| Faroe | 93 |
| Åland | 15 |
ExodusMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| RedLine | 119,438 |
| Lumma | 80,313 |
| Vidar | 56 |
| Unknown | 10 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| Peru | 7,306 |
| Turkey | 7,178 |
| India | 6,309 |
| Pakistan | 6,285 |
| Vietnam | 5,822 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Norway | 144 |
| Sweden | 96 |
| Denmark | 47 |
| Finland | 44 |
| Iceland | 10 |
Articles/News
Stealers on the Rise: A Closer Look at a Growing macOS Threat
- https://unit42.paloaltonetworks.com/macos-stealers-growing/
Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer
- https://securityaffairs.com/173991/apt/north-koreas-kimsuky-forcecopy-malware.html