All things infostealers. Week 29, 2025


A brief look at all things infostealers for week 29, 2025 (14.07.2025–20.07.2025). This week saw updates to MonsterV2, Bee Stealer and AURA Stealer. I also grabbed some numbers from marketplaces and collected some interesting news/articles.

A bit of an update on “Marketplace Updates”. Last year at BalCCon I met a cool guy from South America, and we have kept in contact since. During our recent chat it became clear that information from marketplaces related to the LatAm region would be pretty valuable for him. Initially, I promised to gather info on LatAm countries/numbers once per month; however, after thinking a bit, I decided to share all the countries so others can benefit as well. So, here you will find a CryptPad spreadsheet with info on all the countries. It also includes stealers on marketplaces; if time permits, I’ll update it retrospectively.

Note: All the screenshots are taken from the XSS forum, unless otherwise stated.

Note: The update posts are copy-pasted as is (and machine-translated with DeepL.com if the post wasn’t available in English, possibly with some minor edits by me).

Infostealer Updates

MonsterV2

[+] Fixed display of log statistics legend
[+] Added the ability to delete all bots that went offline
[=] Cleaned CSS styles
[=] Improved display of global actions menu
[!] Rebuild not required!


Bee Stealer

update
added guest statistics by tags
added possibility to make notifications/logs in telegram


AURA Stealer

Dear friends, finally got to the default configuration!
Following the recommendations of the first buyers, the following collection options have been fixed:

  • Collection of Steam
  • Collection of Exodus

Small update:
The service of sending logs to Telegram has been moved to a separate server and is available in the panel again.
Important change – now the bot attaches a link to the log upload to the message, instead of an archive as an attachment.

Build updated: v1.1.1

  • Completely cut spdlog library, redesigned api-hammering
  • Defensive mechanisms of the build have been improved
  • Now anti_dbg flag is not checked, anti-debugging is always enabled
  • General performance optimizations


Marketplace Updates

This section provides some numbers taken from the marketplaces: the number of victims per stealer, the top 5 countries, and the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for broader numbers.

Marketplace Updates Spreadsheet

RussianMarket

Stealers by number of victims

| Stealer name | Number of victims |
|---|---|
| Lumma | 9,287,269 |
| RisePro | 1,429,615 |
| Vidar | 1,429,068 |
| StealC | 1,053,513 |
| RedLine | 789,294 |
| Raccoon | 335,266 |
| Acreed | 329,184 |
| Rhadamanthys | 26,957 |

Top 5 countries by number of victims

| Country | Number of victims |
|---|---|
| India | 1,531,658 |
| Brazil | 1,134,465 |
| Indonesia | 787,656 |
| Egypt | 721,277 |
| Pakistan | 705,231 |

Nordic region countries

| Country | Number of victims |
|---|---|
| Sweden | 24,981 |
| Denmark | 13,329 |
| Norway | 10,498 |
| Finland | 8,885 |
| Iceland | 1,246 |
| Greenland | 183 |
| Faroe | 117 |
| Åland | 21 |

ExodusMarket

Stealers by number of victims

| Stealer name | Number of victims |
|---|---|
| Lumma | 473,411 |
| Rhadamanthys | 77,066 |
| RedLine | 35,303 |
| Unknown | 19,941 |
| StealC | 10,468 |
| Vidar | 4,733 |

Top 5 countries by number of victims

| Country | Number of victims |
|---|---|
| India | 66,730 |
| Brazil | 47,119 |
| Indonesia | 35,477 |
| USA | 26,368 |
| Philippines | 23,111 |

Nordic region countries

| Country | Number of victims |
|---|---|
| Sweden | 1,706 |
| Denmark | 970 |
| Norway | 751 |
| Finland | 554 |
| Iceland | 86 |

Articles/News

Katz Stealer | Powerful MaaS On the Prowl for Credentials and Crypto Assets

  • https://www.sentinelone.com/blog/katz-stealer-powerful-maas-on-the-prowl-for-credentials-and-crypto-assets/

Threat hunting case study: Lumma infostealer

  • https://intel471.com/blog/threat-hunting-case-study-lumma-infostealer

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

  • https://krebsonsecurity.com/2025/07/poor-passwords-tattle-on-ai-hiring-bot-maker-paradox-ai/

Signed and stealing: uncovering new insights on Odyssey infostealer

  • https://www.jamf.com/blog/signed-and-stealing-uncovering-new-insights-on-odyssey-infostealer/