A brief look at all things infostealers for the week 13, 2025 (24.03.2025–30.03.2025). This week observed updates from LummaC2 and StealC infostealers. Grabbed some numbers from marketplaces and have some interesting reports/articles about stealers.
Infostealer Updates
LummaC2
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English, possibly with some minor edits by me)
**Update 28.03 **
- Added computer, hostname, bios keys for knocking in Telegram
- Added the ability to specify filters from a new line
- Fixed problem with automatic blank line in the message input field for knocking in Telegram
- Fixed decryption of cookies, tokens and passwords when collected from administrator
Screenshot from XSS Forum
Update 29.03
- Cleaning WD 10/11 + Cloud + Run-Time
- Cleaning lnk-builder
Screenshot from XSS Forum
StealC
Since there’s a major update to StealC, I decided to make a separate blog post about it.
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, and the victim numbers in the countries of the Nordic region.
RussianMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 8,195,121 |
| RisePro | 1,429,610 |
| Vidar | 1,297,376 |
| StealC | 1,005,896 |
| RedLine | 789,927 |
| Raccoon | 330,085 |
| Acreed | 17,117 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,331,647 |
| Brazil | 1,029,244 |
| Indonesia | 710,173 |
| Egypt | 649,241 |
| Pakistan | 640,289 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 21,470 |
| Denmark | 11,471 |
| Norway | 8,966 |
| Finland | 7,563 |
| Iceland | 1,107 |
| Greenland | 168 |
| Faroe | 107 |
| Åland | 18 |
ExodusMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 117,456 |
| RedLine | 93,057 |
| Vidar | 56 |
| Unknown | 10 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| Peru | 7,306 |
| Turkey | 7,176 |
| India | 6,307 |
| Pakistan | 6,285 |
| Vietnam | 5,822 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Norway | 142 |
| Sweden | 96 |
| Denmark | 47 |
| Finland | 44 |
| Iceland | 10 |
Articles/News
Multiple crypto packages hijacked, turned into info-stealers
- https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
- https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html
Binance CSO: Understanding Recent Credential Leaks and the Rise of InfoStealer Malware
- https://www.binance.com/en/blog/security/binance-cso-understanding-recent-credential-leaks-and-the-rise-of-infostealer-malware-646085240367972382
StealC V2 – A Major Update to a Popular Infostealer
- https://cryptolek.info/2025/03/30/stealc-v2-a-major-update-to-a-popular-infostealer/