A brief look at all things infostealers for the week 48, 2025 (24.11.2025–30.11.2025). AID_Stealer update from last week was missing, added for this week. Grabbed some numbers from marketplaces and few interesting news/articles for you to read.
Infostealer Updates
AID_Stealer
UPDATE
https[:]//imgur[.]com/a/hSTPH6w
1) Added decryption of Yandex Browser passwords (tested with the current version 25.8.5.983).
2) Improved thread safety in the RAT panel (removed red cross).
3) Other minor improvements and fixes + slightly increased build size.
Screenshot from BHF forum
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 7,011,213 |
| Vidar | 734,361 |
| RisePro | 145,532 |
| StealC | 801,485 |
| RedLine | 192,134 |
| Acreed | 835,616 |
| Raccoon | 5,081 |
| Rhadamanthys | 467,217 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,185,823 |
| Brazil | 730,833 |
| Indonesia | 560,088 |
| Egypt | 486,517 |
| Pakistan | 414,737 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 21,704 |
| Denmark | 11,835 |
| Norway | 9,689 |
| Finland | 7,950 |
| Iceland | 1,100 |
| Greenland | 154 |
| Faroe | 103 |
| Åland | 24 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 473,914 |
| Rhadamanthys | 106,521 |
| RedLine | 35,017 |
| StealC | 26,256 |
| Vidar | 12,211 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 72,213 |
| Brazil | 50,398 |
| Indonesia | 37,140 |
| USA | 28,516 |
| Philippines | 24,777 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,905 |
| Denmark | 1,038 |
| Norway | 816 |
| Finland | 601 |
| Iceland | 83 |
Articles/News
StealC V2 Campaign Targeting Blender Users via Malicious .blend Files
- https://www.morphisec.com/blog/morphisec-thwarts-russian-linked-stealc-v2-campaign-targeting-blender-users-via-malicious-blend-files/
Dissecting a new malspam chain delivering Purelogs infostealer
- https://securityaffairs.com/185066/cyber-crime/dissecting-a-new-malspam-chain-delivering-purelogs-infostealer.html