A brief look at all things infostealers for the week 31, 2025 (28.07.2025–03.08.2025). I was traveling and had an unexpected vacation at work, did not have time to search and update information on the infostealers. Grabbed some numbers from marketplaces and some interesting news/articles.

Infostealer Updates

¯\_(ツ)_/¯

---

Marketplace Updates

This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.

Marketplace Updates Spreadsheet

RussianMarket

Stealers by number of victims

Stealer name	Number of victims
Lumma	9,340,548
Vidar	1,451,158
RisePro	1,428,988
StealC	1,065,649
RedLine	789,222
Acreed	353,955
Racoon	329,079
Rhadamanthys	30,157

Top 5 countries by number of victims

Country	Number of victims
India	1.554,604
Brazil	1,147,145
Indonesia	796,498
Egypt	729,581
Pakistan	714,551

Nordic region countries

Country	Number of victims
Sweden	25,598
Denmark	13,551
Norway	10,728
Finland	9,109
Iceland	1,272
Greenland	184
Faroe	119
Åland	23

---

ExodusMarket

Stealers by number of victims

Stealer name	Number of victims
Lumma	480,182
Rhadamanthys	108,193
RedLine	35,356
Unknown	26,385
StealC	19,749
Vidar	9,296

Top 5 countries by number of victims

Country	Number of victims
India	74,151
Brazil	51,241
Indonesia	37,952
USA	30,067
Philippines	25,608

Nordic region countries

Country	Number of victims
Sweden	1,912
Denmark	1,051
Norway	823
Finland	617
Iceland	89

---

Articles/News

LLM-Based Identification of Infostealer Infection Vectors from Screenshots: The Case of Aurora

• https://www.arxiv.org/abs/2507.23611

MaaS Appeal: An Infostealer Rises From The Ashes

• https://www.elastic.co/security-labs/maas-appeal-an-infostealer-rises-from-the-ashes

FAKE TELEGRAM PREMIUM SITE DISTRIBUTES NEW LUMMA STEALER VARIANT

• https://www.cyfirma.com/research/fake-telegram-premium-site-distributes-new-lumma-stealer-variant/