A brief look at all things infostealers for the week 28, 2025 (07.07.2025–13.07.2025). This week observed updates in MonsterV2 and an emergence of a new stealer. Grabbed some numbers from marketplaces and some interesting news/articles.
Infostealer Updates
MonsterV2
[+] Added the ability to launch the stealer on all bots
[+] Added the ability to launch the stealer on selected bots
[=] Accelerated loader launch on selected bots
[=] Fixed typos in some error messages
[=] Optimization and minor improvements in the build code
[=] Fixed a bug where due to a large number of open handles in the system, browser cookies might not be collected on some machines
[!] Rebuild required!
AURA Stealer
Made a separate post. Click-click.
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, and the victim numbers in the countries of the Nordic region.
RussianMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 9,246,363 |
| RisePro | 1,429,089 |
| Vidar | 1,416,788 |
| StealC | 1,046,928 |
| RedLine | 789,316 |
| Raccoon | 329,236 |
| Acreed | 313,251 |
| Rhadamanthys | 26,976 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,531,658 |
| Brazil | 1,134,465 |
| Indonesia | 787,656 |
| Egypt | 721,277 |
| Pakistan | 705,231 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 24,981 |
| Denmark | 13,329 |
| Norway | 10,498 |
| Finland | 8,885 |
| Iceland | 1,246 |
| Greenland | 183 |
| Faroe | 117 |
| Åland | 21 |
ExodusMarket
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 473,458 |
| Rhadamanthys | 77,084 |
| RedLine | 35,304 |
| Unknown | 13,625 |
| StealC | 10,242 |
| Vidar | 4,733 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 66,195 |
| Brazil | 46,948 |
| Indonesia | 35,360 |
| USA | 25,527 |
| Philippines | 22,972 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,707 |
| Denmark | 970 |
| Norway | 751 |
| Finland | 554 |
| Iceland | 86 |
Articles/News
NordDragonScan: Quiet Data-Harvester on Windows
- https://www.fortinet.com/blog/threat-research/norddragonscan-quiet-data-harvester-on-windows
Fix the Click: Preventing the ClickFix Attack Vector
- https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/
ClickFix Chaos: A Deep Dive into Rhadamanthys Infostealer’s Stealth and Steal Tactics
- https://darkatlas.io/blog/clickfix-chaos-a-deep-dive-into-rhadamanthys-infostealers-stealth-and-steal-tactics
GitHub Abused to Spread Malware Disguised as Free VPN
- https://www.cyfirma.com/research/github-abused-to-spread-malware-disguised-as-free-vpn/
Combolists and ULP Files on the Dark Web: A Secondary and Unreliable Source of Information about Compromises
- https://www.group-ib.com/blog/combolists-ulp-darkweb/