A brief look at all things infostealers for the week 51, 2025 (15.12.2025–21.12.2025). Spotted announcement of a new infostealers, and updates in MioLab and StealCv2 stealers. Grabbed some numbers from marketplaces and few interesting news/articles for you to read.
Infostealer Updates
MioLab Stealer
We added a video of the ledger module in action and uploaded it to Streamable for those who don’t use Telegram.
https[://]streamable[.]com/f70vi3 – web panel
https[://]streamable[.]com/dlsyog – work and log
https[://]streamable[.]com/eut6pl – ledger
Screenshot taken from XSS forum
Misericorde Stealer
StealC Stealer
Stealc v2.10.0 update
Build:
- Fixed a bug in obtaining the path to config.vdf, now Steam tokens are always collected correctly
- Minor code fixes and improvements
- Runtime cleanup
Admin panel:
- Completely redesigned authorization, now works with cookies with the ability to save the session (remember me – will no longer log you out every 15-30 minutes, BUT now only one session is possible per user for security reasons)
- Fixed a bug that prevented files from being uploaded from the About Log window
- Added a notification in case of imminent subscription expiration (just so you don’t forget)
Worker panel:
A global rework of worker functions has been carried out
- Added the ability to use multiple builds with one worker
- The Cookie Restore and Builder tabs are now available to workers
- Workers now have the ability to edit their build settings
Gate:
- Fixed bugs in processing http headers of IP addresses
API:
- Global rework of user rights for functions, not just admin/non-admin plugins for the entire API class (to support some functions now available to workers)
Screenshot taken from XSS forum
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 7,013,339 |
| Vidar | 845,749 |
| RisePro | 145,529 |
| StealC | 806,433 |
| RedLine | 192,122 |
| Acreed | 834,500 |
| Raccoon | 5,079 |
| Rhadamanthys | 487,096 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,203,463 |
| Brazil | 740,163 |
| Indonesia | 565,249 |
| Egypt | 488,765 |
| Pakistan | 416,217 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 22,466 |
| Denmark | 12,266 |
| Norway | 10,056 |
| Finland | 8,215 |
| Iceland | 1,124 |
| Greenland | 155 |
| Faroe | 107 |
| Åland | 24 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 473,650 |
| Rhadamanthys | 106,340 |
| RedLine | 34,995 |
| StealC | 26,207 |
| Vidar | 12,155 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 72,206 |
| Brazil | 50,390 |
| Indonesia | 37,140 |
| USA | 28,470 |
| Philippines | 24,773 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,896 |
| Denmark | 1,036 |
| Norway | 809 |
| Finland | 601 |
| Iceland | 83 |
Articles/News
Defeating AuraStealer: Practical Deobfuscation Workflows for Modern Infostealers
- https://www.gendigital.com/blog/insights/research/defeating-aurastealer-obfuscation
SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums
- https://www.rapid7.com/blog/post/tr-santastealer-is-coming-to-town-a-new-ambitious-infostealer-advertised-on-underground-forums/
Stealka stealer: the new face of game cheats, mods, and cracks
- https://www.kaspersky.com/blog/windows-stealer-stealka/55058/
I am not a robot: ClickFix used to deploy StealC and Qilin
- https://www.sophos.com/en-us/blog/i-am-not-a-robot-clickfix-used-to-deploy-stealc-and-qilin