Kinda Blog by CryptoLek 🍉 🌻

All things infostealers. Week 44, 2025

A brief look at all things infostealers for the week 44, 2025 (27.10.2025–02.11.2025). Grabbed some numbers from marketplaces and few interesting news/articles for you to read.

Infostealer Updates

¯\_(ツ)_/¯

Marketplace Updates

This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.

Marketplace Updates Spreadsheet

Russian Market

Stealers by number of victims
Stealer nameNumber of victims
Lumma6,994,377
Vidar626,165
RisePro145,536
StealC776,928
RedLine192,162
Acreed777,291
Raccoon5,083
Rhadamanthys389,409
Top 5 countries by number of victims
CountryNumber of victims
India1,139,654
Brazil716,265
Indonesia549,265
Egypt477,001
Pakistan409,851
Nordic region countries
CountryNumber of victims
Sweden20,621
Denmark11,231
Norway9,162
Finland7,420
Iceland1,048
Greenland150
Faroe97
Åland22

Exodus Market

Stealers by number of victims
Stealer nameNumber of victims
Lumma474,283
Rhadamanthys106,883
RedLine35,050
StealC26,359
Vidar11,313
Top 5 countries by number of victims
CountryNumber of victims
India71,715
Brazil50,415
Indonesia37,153
USA28,667
Philippines24,762
Nordic region countries
CountryNumber of victims
Sweden1,908
Denmark1,044
Norway817
Finland602
Iceland83

Articles/News

10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester

  • https://socket.dev/blog/10-npm-typosquatted-packages-deploy-credential-harvester

Alleged Meduza Stealer malware admins arrested after hacking Russian org

  • https://www.bleepingcomputer.com/news/security/alleged-meduza-stealer-malware-admins-arrested-after-hacking-russian-org/

Anivia Stealer Peddled on Dark Web with UAC Bypass

  • https://gbhackers.com/anivia-stealer/

CryptoLek

, , ,