A brief look at all things infostealers for the week 40, 2025 (29.09.2025–05.10.2025). Spotted only update in XFiles infostealer. Grabbed some numbers from marketplaces and some interesting news/articles.
Note: The update posts are copy-pasted as is (and machine-translated with DeepL.com if post wasn’t available in English, possibly with some minor edits by me).
Infostealer Updates
XFiles
4.0.0:
Added the ability to use personal proxies (frontends) for stealer, without support.
- They are generated using AI, which increases their credibility.
- Personal proxies cost from $3 to $15; the higher the price, the less harmful they appear to AV (Windows Defender, etc.).
- Added a proxy guide.
- Added the ability to have your own private gateway.
- TG bot – file encryption without support.
Screenshot from XSS forum
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 6,962,684 |
| Vidar | 552,458 |
| RisePro | 145,551 |
| StealC | 746,422 |
| RedLine | 192,187 |
| Acreed | 585,811 |
| Raccoon | 5,086 |
| Rhadamanthys | 265,369 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,092,879 |
| Brazil | 689,296 |
| Indonesia | 532,370 |
| Egypt | 463,680 |
| Pakistan | 398,225 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 19,097 |
| Denmark | 10,451 |
| Norway | 8,455 |
| Finland | 6,829 |
| Iceland | 979 |
| Greenland | 140 |
| Faroe | 93 |
| Åland | 22 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 474,747 |
| Rhadamanthys | 107,206 |
| RedLine | 35,106 |
| StealC | 26,542 |
| Vidar | 11,447 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 71,738 |
| Brazil | 50,442 |
| Indonesia | 37,164 |
| USA | 28,802 |
| Philippines | 24,774 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,914 |
| Denmark | 1,050 |
| Norway | 820 |
| Finland | 605 |
| Iceland | 83 |
Articles/News
Rhadamanthys 0.9.x – walk through the updates
- https://research.checkpoint.com/2025/rhadamanthys-0-9-x-walk-through-the-updates/
Detour Dog: DNS Malware Powers Strela Stealer Campaigns
- https://blogs.infoblox.com/threat-intelligence/detour-dog-dns-malware-powers-strela-stealer-campaigns/