Kinda Blog by CryptoLek 🍉 🌻

All things infostealers. Week 32, 2025

A brief look at all things infostealers for the week 32, 2025 (04.08.2025–10.08.2025). Grabbed some numbers from marketplaces and some interesting news/articles.

Infostealer Updates

¯\_(ツ)_/¯

Marketplace Updates

This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.

Marketplace Updates Spreadsheet

Russian Market

Stealers by number of victims
Stealer nameNumber of victims
Lumma6,837,552
Vidar510,597
RisePro145,581
StealC728,762
RedLine192,220
Acreed376,290
Racoon5,096
Rhadamanthys58,104
Top 5 countries by number of victims
CountryNumber of victims
India1,015,903
Brazil651,608
Indonesia505,106
Egypt437,550
Pakistan378,277
Nordic region countries
CountryNumber of victims
Sweden17,452
Denmark9,534
Norway7,667
Finland6,161
Iceland893
Greenland135
Faroe89
Åland21

Exodus Market

Stealers by number of victims
Stealer nameNumber of victims
Lumma480,153
Rhadamanthys108,136
RedLine35,347
Unknown26,384
StealC24,236
Vidar10,534
Top 5 countries by number of victims
CountryNumber of victims
India74,333
Brazil51,465
Indonesia38,046
USA30,402
Philippines25,659
Nordic region countries
CountryNumber of victims
Sweden1,934
Denmark1,064
Norway838
Finland624
Iceland91

Articles/News

PyLangGhost RAT: Rising Stealer from Lazarus Group Striking Finance and Technology

  • https://any.run/cybersecurity-blog/pylangghost-malware-analysis/

Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem

  • https://www.sentinelone.com/labs/ghost-in-the-zip-new-pxa-stealer-and-its-telegram-powered-ecosystem/

Unveiling a New Variant of the DarkCloud Campaign

  • https://www.fortinet.com/blog/threat-research/unveiling-a-new-variant-of-the-darkcloud-campaign

CryptoLek

, , ,