A brief look at all things infostealers for the week 12, 2025 (17.03.2025–23.03.2025). This week observed updates from LummaC2 infostealer. Grabbed some numbers from marketplaces and have some interesting reports/articles about stealers.
Infostealer Updates
LummaC2
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English, possibly with some minor edits by me)
Update 18.03
- Fixed LevelDB collection for extensions that require it (e.g. Coinbase).
- Fixed MetaMask collection in Mozilla browsers
- Fixed launching of large PowerShell scripts when “From memory” launch type is selected
- Fixed knockback through spare gaskets
- Cleaned WD 10/11 + Cloud + Run-Time
Screenshot taken from user’s post on XSS forum
Update 20.03
- Returned LID to System.txt
- Fixed and improved cookie collection
- Fixed a bug that could cause builds with a long tag not to work
- Cleaned up WD 10/11 + Cloud + Run-Time
Screenshot taken from user’s post on XSS forum
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, and the victim numbers in the countries of the Nordic region.
RussianMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 8,057,305 |
| RisePro | 1,429,672 |
| Vidar | 1,293,990 |
| StealC | 1,005,337 |
| RedLine | 789,992 |
| Raccoon | 330,144 |
| Acreed | 14,621 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,311,314 |
| Brazil | 1,020,297 |
| Indonesia | 702,923 |
| Egypt | 643,414 |
| Pakistan | 632,075 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 21,199 |
| Denmark | 11,357 |
| Norway | 8,866 |
| Finland | 7,485 |
| Iceland | 1,100 |
| Faroe | 104 |
| Åland | 18 |
ExodusMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| RedLine | 166,092 |
| Lumma | 114,793 |
| Vidar | 56 |
| Unknown | 10 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| Peru | 7,306 |
| Turkey | 7,176 |
| India | 6,307 |
| Pakistan | 6,285 |
| Vietnam | 5,822 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Norway | 143 |
| Sweden | 96 |
| Denmark | 47 |
| Finland | 44 |
| Iceland | 10 |
Articles/News
Infostealers fueled cyberattacks and snagged 2.1B credentials last year
- https://cyberscoop.com/infostealers-cybercrime-surged-2024-flashpoint/
Arcane stealer: We want all your data
- https://securelist.com/arcane-stealer/115919/
Rilide – An Information Stealing Browser Extension
- https://blog.pulsedive.com/rilide-an-information-stealing-browser-extension/
Steam pulls game demo infecting Windows with info-stealing malware
- https://www.bleepingcomputer.com/news/security/steam-pulls-game-demo-infecting-windows-with-info-stealing-malware/