A brief look at all things infostealers for the week 34, 2025 (18.08.2025–24.08.2025). Grabbed some numbers from marketplaces and some interesting news/articles.
Infostealer Updates
¯\_(ツ)_/¯
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 6,869,208 |
| Vidar | 516,574 |
| RisePro | 145,573 |
| StealC | 732,275 |
| RedLine | 192,209 |
| Acreed | 431,338 |
| Racoon | 5,096 |
| Rhadamanthys | 80,164 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,033,241 |
| Brazil | 659,491 |
| Indonesia | 510,606 |
| Egypt | 443,557 |
| Pakistan | 383,289 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 17,789 |
| Denmark | 9,679 |
| Norway | 7,836 |
| Finland | 6,282 |
| Iceland | 906 |
| Greenland | 137 |
| Faroe | 90 |
| Åland | 21 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 475,382 |
| Rhadamanthys | 107,810 |
| RedLine | 35,139 |
| StealC | 25,949 |
| Vidar | 10,771 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 71,669 |
| Brazil | 50,297 |
| Indonesia | 37,109 |
| USA | 28,955 |
| Philippines | 24,706 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,910 |
| Denmark | 1,050 |
| Norway | 822 |
| Finland | 614 |
| Iceland | 85 |
Articles/News
Behind the Curtain: How Lumma Affiliates Operate
- https://assets.recordedfuture.com/insikt-report-pdfs/2025/cta-2025-0820.pdf
- https://www.morphisec.com/blog/noodlophile-stealer-evolves-targeted-copyright-phishing-hits-enterprises-with-social-media-footprints/
Detailed Analysis of the Stealer-Traffer Ecosystem
- https://medium.com/s2wblog/detailed-analysis-of-the-stealer-traffer-ecosystem-40ba805e1bca
A new, cheaper Mac stealer is quickly spreading on the dark web
- https://moonlock.com/new-mac-stealer-spreading
Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS
- https://www.crowdstrike.com/en-us/blog/falcon-prevents-cookie-spider-shamos-delivery-macos/
Think before you Click(Fix): Analyzing the ClickFix social engineering technique
- https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/