A brief look at all things infostealers for the week 45, 2025 (03.11.2025–09.11.2025). Observed updates in AID_Stealer. Grabbed some numbers from marketplaces and few interesting news/articles for you to read.
Infostealer Updates
AID_Stealer
UPDATE
1) Added Crypto Clipper for 14 wallets.
https[://]imgur[.]com/a/Bk9ynKk
Mechanics:
a) With the resident build, the clipper works as part of the stabilizer and sends reports of successful replacements to the panel + if the Telegram bot is enabled in the panel, reports will also be sent to the chat.
b) With the regular build, the clipper will be installed in the system as a separate application and will continue to work offline.
c) This option is optional.
2) Changed the time format in cookies for correct import into cookie managers.
3) Fixed Critical process.
4) Improved builder.
Screenshot from BHF
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 7,002,460 |
| Vidar | 650,607 |
| RisePro | 145,536 |
| StealC | 783,842 |
| RedLine | 192,159 |
| Acreed | 802,525 |
| Raccoon | 5,083 |
| Rhadamanthys | 413,009 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,149,078 |
| Brazil | 720,830 |
| Indonesia | 552,251 |
| Egypt | 479,664 |
| Pakistan | 411,521 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 20,978 |
| Denmark | 11,445 |
| Norway | 9,353 |
| Finland | 7,586 |
| Iceland | 1,073 |
| Greenland | 150 |
| Faroe | 98 |
| Åland | 23 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 474,160 |
| Rhadamanthys | 106,782 |
| RedLine | 35,040 |
| StealC | 26,321 |
| Vidar | 11,281 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 71,712 |
| Brazil | 50,410 |
| Indonesia | 37,152 |
| USA | 28,611 |
| Philippines | 24,752 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,907 |
| Denmark | 1,039 |
| Norway | 816 |
| Finland | 601 |
| Iceland | 83 |
Articles/News
ClickFix Attacks Against macOS Users Evolving
- https://www.securityweek.com/clickfix-attacks-against-macos-users-evolving/
Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack
- https://www.securityweek.com/nikkei-says-17000-impacted-by-data-breach-stemming-from-slack-account-hack/
MUT-4831: Trojanized npm packages deliver Vidar infostealer malware
- https://securitylabs.datadoghq.com/articles/mut-4831-trojanized-npm-packages-vidar/
Approaching stealers devs: a brief interview with AURA
- https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-aura-9b513369e117