A brief look at all things infostealers for the week 49, 2025 (01.12.2025–07.12.2025). Added update from StealCV2 stealer. Grabbed some numbers from marketplaces and few interesting news/articles for you to read.
Infostealer Updates
StealC Stealer
Stealc v2.9.0 update
Build:
- Steam token collection has been restored; tokens are now decrypted from files without the need to inject into the Steam process (tokens are collected from all accounts that the user is logged into, not just the active one)
- Improved file transfer to the server
- Runtime cleanup
- Other minor code fixes
Gate:
- Improved file retrieval from build
Database:
- Added Perplexity Comet browser collection
- Added IndexedDB collection for all MetaMask versions
Admin panel:
- Added a function to delete all logs from the server in the Admin -> Server Management section
- A function to delete temporary log files has been added to the Admin -> Server Management section
- A function to delete empty logs has been added to the Admin -> Server Management section
- The ability to select the message type (plain text, text with screenshot, or ZIP file of log) has been added to the user notification settings
- Added the ability to select the message type (plain text, text with screenshot, or ZIP file of log) for chat lists (Admin -> Telegram Bot) to the Telegram bot settings
Worker panel:
- Added bulk exports for workers
Screenshot from XSS forum
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 7,013,897 |
| Vidar | 780,831 |
| RisePro | 145,532 |
| StealC | 806,496 |
| RedLine | 192,129 |
| Acreed | 835,100 |
| Raccoon | 5,080 |
| Rhadamanthys | 474,944 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,197,442 |
| Brazil | 734,358 |
| Indonesia | 562,680 |
| Egypt | 487,798 |
| Pakistan | 415,689 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 21,988 |
| Denmark | 11,981 |
| Norway | 9,820 |
| Finland | 8,054 |
| Iceland | 1,109 |
| Greenland | 154 |
| Faroe | 105 |
| Åland | 24 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 473,825 |
| Rhadamanthys | 106,478 |
| RedLine | 35,011 |
| StealC | 26,238 |
| Vidar | 12,192 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 72,209 |
| Brazil | 50,393 |
| Indonesia | 37,140 |
| USA | 28,504 |
| Philippines | 24,776 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,905 |
| Denmark | 1,037 |
| Norway | 816 |
| Finland | 601 |
| Iceland | 83 |
Articles/News
Arkanix Stealer: Newly discovered short term profit malware
- https://www.gdatasoftware.com/blog/2025/12/38306-arkanix-stealer
macOS Stealers: How Modern Infostealers Harvest Credentials
- https://deceptiq.com/blog/macos-stealers-technical-analysis