A brief look at all things infostealers for the week 7, 2025 (10.02.2025–16.02.2025). This week observed updates from LummaC2 infostealer. Grabbed some numbers from marketplaces and have some interesting reports/articles about stealers.
Infostealer Updates
LummaC2
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English)
Update 16.02
- Session security has been improved
- Improved performance and meaningfulness of metrics
- Improved file security
- Authorization security is improved
- Cleaning WD 10/11 + Cloud + Run-Time
Screenshot from XSS forum
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, and the victim numbers in the countries of the Nordic region.
RussianMarket
Now this is intriguing. There’s a new stealer name “Acreed”, never heard of it and a quick search didn’t result in anything meaningful.
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 7,363,035 |
| RisePro | 1,430,063 |
| Vidar | 1,293,386 |
| StealC | 1,005,561 |
| RedLine | 790,305 |
| Raccoon | 330,549 |
| Acreed | 1,279 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,217,385 |
| Brazil | 971,586 |
| Indonesia | 663,920 |
| Egypt | 617,471 |
| Pakistan | 599,011 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 19,761 |
| Denmark | 10,605 |
| Norway | 8,165 |
| Finland | 7,007 |
| Iceland | 1,023 |
| Faroe | 94 |
| Åland | 16 |
ExodusMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| RedLine | 133,326 |
| Lumma | 94,248 |
| Vidar | 56 |
| Unknown | 10 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| Peru | 7,306 |
| Turkey | 7,177 |
| India | 6,309 |
| Pakistan | 6,285 |
| Vietnam | 5,822 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Norway | 144 |
| Sweden | 96 |
| Denmark | 47 |
| Finland | 44 |
| Iceland | 10 |
Articles/News
DeepSeek ClickFix Scam Exposed! Protect Your Data Before It’s Too Late
- https://www.cloudsek.com/blog/deepseek-clickfix-scam-exposed-protect-your-data-before-its-too-late
OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials
- https://www.securityweek.com/openai-finds-no-evidence-of-breach-after-hacker-offers-to-sell-20m-credentials/
PirateFi game on Steam caught installing password-stealing malware
- https://www.bleepingcomputer.com/news/security/piratefi-game-on-steam-caught-installing-password-stealing-malware/