A brief look at all things infostealers for the week 42, 2025 (17.10.2025–19.10.2025). Grabbed some numbers from marketplaces and some interesting news/articles.
Infostealer Updates
¯\_(ツ)_/¯
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 6,974,579 |
| Vidar | 579,381 |
| RisePro | 145,544 |
| StealC | 759,201 |
| RedLine | 192,177 |
| Acreed | 671,828 |
| Raccoon | 5,086 |
| Rhadamanthys | 327,581 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,114,121 |
| Brazil | 701,943 |
| Indonesia | 541,048 |
| Egypt | 470,011 |
| Pakistan | 403,916 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 19,759 |
| Denmark | 10,771 |
| Norway | 8,699 |
| Finland | 7,051 |
| Iceland | 998 |
| Greenland | 144 |
| Faroe | 96 |
| Åland | 22 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 474,588 |
| Rhadamanthys | 107,073 |
| RedLine | 35,087 |
| StealC | 26,476 |
| Vidar | 11,383 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 71,732 |
| Brazil | 50,428 |
| Indonesia | 37,161 |
| USA | 28,736 |
| Philippines | 24,772 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,914 |
| Denmark | 1,050 |
| Norway | 820 |
| Finland | 603 |
| Iceland | 83 |
Articles/News
Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing
- https://www.trendmicro.com/en_us/research/25/j/the-impact-of-water-kurita-lumma-stealer-doxxing.html
Odyssey Stealer and AMOS Campaign Targets macOS Developers Through Fake Tools
- https://hunt.io/blog/macos-odyssey-amos-malware-campaign
When the monster bytes: tracking TA585 and its arsenal
- https://www.proofpoint.com/us/blog/threat-insight/when-monster-bytes-tracking-ta585-and-its-arsenal
TikTok videos continue to push infostealers in ClickFix attacks
- https://www.bleepingcomputer.com/news/security/tiktok-videos-continue-to-push-infostealers-in-clickfix-attacks/