A brief look at all things infostealers for the week 36, 2025 (01.09.2025–07.09.2025). Grabbed some numbers from marketplaces and some interesting news/articles.
Infostealer Updates
¯\_(ツ)_/¯
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Russian Market
Stealers by number of victims
Stealer name Number of victims Lumma 6,924,445 Vidar 526,715 RisePro 145,560 StealC 732,184 RedLine 192,197 Acreed 476,327 Racoon 5,095 Rhadamanthys 122,434
Top 5 countries by number of victims
Country Number of victims India 1,059,216 Brazil 667,674 Indonesia 517,299 Egypt 450,543 Pakistan 389,898
Nordic region countries
Country Number of victims Sweden 18,175 Denmark 9,924 Norway 8,021 Finland 6,436 Iceland 933 Greenland 137 Faroe 90 Åland 21
Exodus Market
Stealers by number of victims
Stealer name Number of victims Lumma 475,352 Rhadamanthys 107,759 RedLine 35,139 StealC 26,712 Vidar 11,639
Top 5 countries by number of victims
Country Number of victims India 71,763 Brazil 50,468 Indonesia 37,174 USA 29,021 Philippines 24,793
Nordic region countries
Country Number of victims Sweden 1,915 Denmark 1,052 Norway 825 Finland 612 Iceland 85
Articles/News
Unmasked: Salat Stealer – A Deep Dive into Its Advanced Persistence Mechanisms and C2 Infrastructure
https://www.cyfirma.com/research/unmasked-salat-stealer-a-deep-dive-into-its-advanced-persistence-mechanisms-and-c2-infrastructure/
Threat Actors Impersonate Microsoft Teams To Deliver Odyssey macOS Stealer Via Clickfix
https://www.cloudsek.com/blog/threat-actors-impersonate-microsoft-teams-to-deliver-odyssey-macos-stealer-via-clickfix
Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers
https://www.proofpoint.com/us/blog/threat-insight/not-safe-work-tracking-and-investigating-stealerium-and-phantom-infostealers