A brief look at all things infostealers for the week 24, 2025 (09.06.2025–15.06.2025). This week observed updates in MonsterV2 and Bee Stealer stealers, and emergence of Fusion Stealer. Grabbed some numbers from marketplaces and some interesting news/articles.
Infostealer Updates
MonsterV2
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English, possibly with some minor edits by me)
[=] Fixed a bug where log synchronization errors were not displayed in the panel
[=] Fixed a bug with saving bot filter states
[=] Fixed a bug where the saved state of stealer log filters was not displayed
[=] Minor optimizations in the panel code
[+] Added a geo filter to the log and bot pages
[!] Rebuild not required!
Screenshot from XSS forum
Bee Stealer
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English, possibly with some minor edits by me)
update
completely rewritten back/front web panel
builder .exe is now available (crypt is required, I issue captcha as before by hand)
more convenient log export
sorting table with logs
Screenshot from XSS forum
Fusion Stealer
Note: The update posts are copy-pasted as is (and machine-translated if post wasn’t available in English, possibly with some minor edits by me)
Comment: Well, the outcome of the post was pretty obvious. The thread was closed by the administration of the forum until the user makes a deposit to the forum.
This stealer is for rent, since it is still in a testing phase, therefore the price is so low.
A little about the stealer
c++ without dependencies
build weight 120-130kb (MSbuild)
The output is a native file that is very easy to crypt.
Collects
Chrome Firefox Opera Edge Brave (Passwords / Cookie / History)
TDATA / Discord / VPN / FTP
Crypto
Exodus Zcash Electrum Atomic
System information about PC
Client-side decryption, data is sent to TG with protection from log hijacking.
At the moment the cost is 35$/month.
CIS countries are blocked.
Screenshot from XSS forum
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, and the victim numbers in the countries of the Nordic region.
RussianMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 9,058,562 |
| RisePro | 1,429,206 |
| Vidar | 1,373,973 |
| StealC | 1,018,142 |
| RedLine | 789,449 |
| Raccoon | 329,406 |
| Acreed | 213,067 |
| Rhadamanthys | 24,430 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,480,308 |
| Brazil | 1,109,191 |
| Indonesia | 767,018 |
| Egypt | 702,457 |
| Pakistan | 690,906 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 24,125 |
| Denmark | 12,689 |
| Norway | 10,121 |
| Finland | 8,545 |
| Iceland | 1,216 |
| Greenland | 182 |
| Faroe | 117 |
| Åland | 20 |
ExodusMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 446,942 |
| RedLine | 35,103 |
| Rhadamanthys | 24,361 |
| Unknown | 13,628 |
| StealC | 7,771 |
| Vidar | 4,207 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 55,793 |
| Brazil | 39,991 |
| Indonesia | 31,350 |
| Philippines | 20,372 |
| USA | 19,406 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,384 |
| Denmark | 802 |
| Norway | 594 |
| Finland | 466 |
| Iceland | 75 |
Articles/News
Demystifying Myth Stealer: A Rust Based InfoStealer
- https://www.trellix.com/en-in/blogs/research/demystifying-myth-stealer-a-rust-based-infostealer/
Amos hiding in GitHub
- https://medium.com/walmartglobaltech/amos-hiding-in-github-199eabea6605
Understanding Katz Stealer Malware and Its Credential Theft Capabilities
- https://www.picussecurity.com/resource/blog/understanding-katz-stealer-malware-and-its-credential-theft-capabilities
Dozens arrested across Asia in global infostealer malware crackdown
- https://therecord.media/dozens-arrested-infostealer-interpol-crackdown