A brief look at all things infostealers for the week 50, 2025 (08.12.2025–14.12.2025). Sorry, have been travelling, therefore pretty late with my posting. Spotted announcements of new infostealers, and made separate posts. Grabbed some numbers from marketplaces and few interesting news/articles for you to read.
Infostealer Updates
MioLab MacOs Stealer
User on XSS forum opens a beta test of a new stealer – TheVoid
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for all more broad numbers.
Marketplace Updates Spreadsheet
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 7,013,642 |
| Vidar | 824,207 |
| RisePro | 145,529 |
| StealC | 806,452 |
| RedLine | 192,125 |
| Acreed | 834,721 |
| Raccoon | 5,079 |
| Rhadamanthys | 480,919 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,202,820 |
| Brazil | 737,918 |
| Indonesia | 565,103 |
| Egypt | 488,435 |
| Pakistan | 416,234 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 22,244 |
| Denmark | 12,148 |
| Norway | 9,949 |
| Finland | 8,154 |
| Iceland | 1,120 |
| Greenland | 155 |
| Faroe | 107 |
| Åland | 24 |
Exodus Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 473,705 |
| Rhadamanthys | 106,392 |
| RedLine | 34,999 |
| StealC | 26,212 |
| Vidar | 12,166 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 72,206 |
| Brazil | 50,390 |
| Indonesia | 37,140 |
| USA | 28,474 |
| Philippines | 24,773 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 1,902 |
| Denmark | 1,037 |
| Norway | 809 |
| Finland | 601 |
| Iceland | 83 |
Articles/News
Infostealer has entered the chat
- https://www.kaspersky.co.uk/blog/share-chatgpt-chat-clickfix-macos-amos-infostealer/29796/
AMOS Stealer Exploits AI Trust: Malware Delivered Through ChatGPT and Grok
- https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trust
Operation MoneyMount-ISO — Deploying Phantom Stealer via ISO-Mounted Executables
- https://www.seqrite.com/blog/operation-moneymount-iso-deploying-phantom-stealer-via-iso-mounted-executables/
A Deep Dive into a New JSCEAL Infostealer Campaign
- https://www.catonetworks.com/blog/cato-ctrl-deep-dive-into-new-jsceal-infostealer-campaign/
ESET Threat Report H2 2025 (has infostealer stuff)
- https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-threat-report-h22025.pdf