All things infostealers. Week 18, 2025


A brief look at all things infostealers for week 18, 2025 (28.04.2025–04.05.2025). This week saw updates from the LummaC2 and StealC infostealers. I also grabbed some numbers from marketplaces and collected some interesting news/articles.

Infostealer Updates

LummaC2

Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English, possibly with some minor edits by me).

Update 30.04

  1. Added ability to ignore certain builds by their tag
  2. Fixed Edge cookie and password collection
  3. Cleaned up WD 10/11 + Cloud

Screenshot taken from XSS forum

Update 3.05

  1. Added collection of crypto extensions Brave Wallet, Ctrl Wallet, Ecto Wallet, Eternl, EVER Wallet, Finnie, Goby, Hashpack, KardiaChain Wallet, Keeper Wallet, Leap Terra Wallet, MyTonWallet, Nightly, OpenMask, Oxygen, Pali Wallet, Pulse Wallet, Rainbow Wallet, Rise Wallet, Sender Wallet, SteemKeychain, TON Wallet, Tonkeeper, Uniswap Extension
  2. Added BrowserPass, CommonKey, Dashlane, Keeper Password Manager, MYKI, OneKey, RoboForm, Splikity password manager extensions collection
  3. Fixed MetaMask crypto-extensions collection
  4. Fixed collection of EOS Authenticator, GAuth Authenticator authenticator extensions.
  5. Fixed icon selection in lnk-builder
  6. Cleanup WD 10/11 + Cloud

Screenshot taken from XSS forum


StealC v2

Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English, possibly with some minor edits by me).

Stealc v2.4.0 update

Build:

  • Stub bitness changed to x32 (in 2.5.0 we will add a switch in the admin, at the moment through support build an update file for the required bitness)
  • Improved builder, removed a large number of compiler settings that could interfere with the work of stubs cryptors
  • A large number of minor changes in the code

Screenshot taken from XSS forum


Marketplace Updates

This section provides some numbers taken from the marketplaces: the number of victims per stealer, the top 5 countries by number of victims, and the victim numbers for the countries of the Nordic region.

RussianMarket

Stealers by number of victims

Stealer name     Number of victims
Lumma            8,686,296
RisePro          1,429,438
Vidar            1,316,629
StealC           1,005,540
RedLine          789,740
Raccoon          329,799
Rhadamanthys     24,502
Acreed           19,423

Top 5 countries by number of victims

Country          Number of victims
India            1,397,228
Brazil           1,066,647
Indonesia        737,353
Egypt            673,373
Pakistan         666,071

Nordic region countries

Country          Number of victims
Sweden           22,600
Denmark          12,024
Norway           9,417
Finland          7,958
Iceland          1,151
Greenland        172
Faroe            114
Åland            18

ExodusMarket

Stealers by number of victims

Stealer name     Number of victims
Lumma            321,080
RedLine          108,169
Vidar            48
Unknown          6,789

Top 5 countries by number of victims

Country          Number of victims
India            44,547
Brazil           28,694
Indonesia        25,226
Philippines      19,646
Turkey           18,231

Nordic region countries

Country          Number of victims
Sweden           914
Denmark          528
Norway           495
Finland          342
Iceland          60

Articles/News

Gremlin Stealer: New Stealer on Sale in Underground Forum

  • https://unit42.paloaltonetworks.com/new-malware-gremlin-stealer-for-sale-on-telegram/

Finding Malware: Unveiling LUMMAC.V2 with Google Security Operations

  • https://www.googlecloudcommunity.com/gc/Community-Blog/Finding-Malware-Unveiling-LUMMAC-V2-with-Google-Security/ba-p/899110

Yet Another NodeJS Backdoor (YaNB): A Modern Challenge

  • https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/yet-another-nodejs-backdoor-yanb-a-modern-challenge/

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

  • https://www.recordedfuture.com/research/uncovering-mintsloader-with-recorded-future-malware-intelligence-hunting

TerraStealerV2 and TerraLogger: Golden Chickens’ New Malware Families Discovered

  • https://www.recordedfuture.com/research/terrastealerv2-and-terralogger

Threat Actors are Targeting US Tax-Session with new Tactics of Stealerium-infostealer

  • https://www.seqrite.com/blog/threat-actors-are-targeting-us-tax-session-with-new-tactics-of-stealerium-infostealer/

I StealC You: Tracking the Rapid Changes To StealC

  • https://www.zscaler.com/blogs/security-research/i-stealc-you-tracking-rapid-changes-stealc