A brief look at all things infostealers for the week 43, 2025 (20.10.2025–26.10.2025). Observed updates in AID_Stealer and AURA Stealer. Grabbed some numbers from marketplaces and few interesting news/articles for you to read.
Infostealer Updates
AID_Stealer
SMALL FIX
1) General refactoring of the stub code + managed to slightly reduce the build weight.
2) Fixed and updated the pinning option for builds with a resident module (removed and replaced the garbage method).
Screenshot from BHF
AURA Stealer
Minor update
Build updated:
- Updated collection of the latest versions of Edge and Brave browsers
- Build remorphing
Panel update:
- General optimization of panel performance
- Regular database maintenance and index optimization performed
Screenshot from BHF
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 6,982,231 |
| Vidar | 603,229 |
| RisePro | 145,539 |
| StealC | 765,416 |
| RedLine | 192,171 |
| Acreed | 760,687 |
| Raccoon | 5,085 |
| Rhadamanthys | 364,660 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,130,566 |
| Brazil | 711,995 |
| Indonesia | 546,053 |
| Egypt | 474,572 |
| Pakistan | 408,454 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 20,254 |
| Denmark | 11,050 |
| Norway | 8,951 |
| Finland | 7,261 |
| Iceland | 1,029 |
| Greenland | 149 |
| Faroe | 97 |
| Åland | 22 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 474,444 |
| Rhadamanthys | 106,983 |
| RedLine | 35,070 |
| StealC | 26,446 |
| Vidar | 11,354 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 71,724 |
| Brazil | 50,420 |
| Indonesia | 37,155 |
| USA | 28,725 |
| Philippines | 24,767 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,911 |
| Denmark | 1,050 |
| Norway | 818 |
| Finland | 603 |
| Iceland | 83 |
Articles/News
“How do I kill a process with Powershell?”
- https://playing-with-fire-101-nb6sb.ondigitalocean.app/pwf201.html
Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
- https://www.trendmicro.com/en_us/research/25/j/how-vidar-stealer-2-upgrades-infostealer-capabilities.html
Analysis of the Lumma infostealer
- https://www.genians.co.kr/en/blog/threat_intelligence/lumma-infostealer
RedTiger: New Red Teaming Tool in the Wild Targeting Gamers and Discord Accounts
- https://www.netskope.com/blog/redtiger-new-red-teaming-tool-in-the-wild-targeting-gamers-and-discord-accounts
Dissecting YouTube’s Malware Distribution Network
- https://research.checkpoint.com/2025/youtube-ghost-network/