A brief look at all things infostealers for week 46, 2025 (10.11.2025–16.11.2025). Grabbed some numbers from marketplaces and a few interesting news items and articles for you to read.
Infostealer Updates
¯\_(ツ)_/¯
Marketplace Updates
This section provides some numbers taken from the marketplaces: the number of victims per stealer, the top 5 countries by number of victims, and the victim numbers for the countries of the Nordic region. In addition, see the CryptPad spreadsheet for broader numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 7,003,691 |
| Vidar | 669,900 |
| RisePro | 145,536 |
| StealC | 789,022 |
| RedLine | 192,146 |
| Acreed | 806,520 |
| Raccoon | 5,082 |
| Rhadamanthys | 452,713 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,155,441 |
| Brazil | 725,487 |
| Indonesia | 555,404 |
| Egypt | 481,847 |
| Pakistan | 411,962 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 21,332 |
| Denmark | 11,643 |
| Norway | 9,509 |
| Finland | 7,761 |
| Iceland | 1,086 |
| Greenland | 152 |
| Faroe | 98 |
| Åland | 24 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 474,122 |
| Rhadamanthys | 106,710 |
| RedLine | 35,035 |
| StealC | 26,290 |
| Vidar | 11,265 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 71,710 |
| Brazil | 50,404 |
| Indonesia | 37,152 |
| USA | 28,561 |
| Philippines | 24,751 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,907 |
| Denmark | 1,039 |
| Norway | 816 |
| Finland | 601 |
| Iceland | 83 |
Articles/News
Rhadamanthys infostealer disrupted as cybercriminals lose server access
- https://www.bleepingcomputer.com/news/security/rhadamanthys-infostealer-disrupted-as-cybercriminals-lose-server-access/
Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics
- https://www.trendmicro.com/en_us/research/25/k/lumma-stealer-browser-fingerprinting.html
EVALUSION Campaign Delivers Amatera Stealer and NetSupport RAT
- https://www.esentire.com/blog/evalusion-campaign-delivers-amatera-stealer-and-netsupport-rat
Digit stealer: a JXA-based infostealer that leaves little footprint
- https://www.jamf.com/blog/jtl-digitstealer-macos-infostealer-analysis/