A brief look at all things infostealers for the week 8, 2026 (16.02.2026 –22.02.2026). Updates in The Void, Xillen, AID and MioLab stealers. Grabbed some numbers from marketplaces and few interesting news/articles for you to read.
Infostealer Updates
The Void Stealer
Update 1.5 – Bug Fix | Quality of Life Improvements
- Fixed a bug where the software sometimes parsed the configuration incorrectly
- Added a function to delete logs from the panel
- Added an information bar with the remaining subscription time to the settings section
- Fixed a bug where the update bar was displayed with each new session
- Minor API upgrade
Screenshot taken from XSS forum
Xillen Stealer
Xillen: Major relocation and preparation for 5.2.3
We are completing investments in our own infrastructure. Instead of rented capacity, we are moving to our own dedicated servers — this will provide a level of stability and data privacy that no hosting provider can offer.
What we are working on now:
- 36 cores / 72 threads — the panel will fly even during abnormal traffic spikes.
- 192GB DDR4 ECC — a safety margin for any volume of logs.
- NVMe Corsair + APC UPS — extraordinary database speed and protection against any power failures.
We will complete the move by Wednesday, and immediately after that we will roll out update 5.2.3.
Briefly about the software:
In the new version, we have radically revised the work with crypto wallets (automated everything that could be automated), implemented a new system for bypassing detections, moved away from Cloudflare, and completely updated the engine for teamwork. The changelog is HUGE.
Screenshot taken from XSS forum
AID_Stealer
UPDATE
ABE decrypt updated.
Clipper attachment improved.
Load and log collection and decryption time reduced by more than 10 times.
Yandex password collection via command in RAT module fixed.
Hybrid log encryption using RSA added.
Screenshot taken from BHF forum
MioLab Stealer
The update is complete.
1. New panel design, improved UX.
2. Fixed the Safari Cookies grabber.
3. Changed the logic of the notes grabber, now there are no skips.
4. Improved obfuscation and the logic of the styler's work, the pass rate during tests on real machines is 100%.
5. Fixed bugs in Statistic.
Old builds will stop working on 19.02.2026, it’s necessary to make rebuilds!
Login is still available via the old domain, but it will soon change, don’t forget to save the new domain.
Update of the pricing policy:
The cost of a monthly subscription is 1000$, the cost now includes the Ledger & Trezor modules.
Screenshot taken from MioLab’s Telegram channel
Marketplace Updates
This section provides some numbers taken from the marketplaces, which include numbers of victims based on stealers, top 5 countries, the victim numbers in the countries of the Nordic region. In addition, see the CryptPad spreadsheet for more meaningless numbers.
Marketplace Updates Spreadsheet 2026
The below spreadsheet contains meaningless numbers taken in 2025:
Marketplace Updates Spreadsheet 2025
Russian Market
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| Lumma | 7,009,840 |
| Vidar | 1,064,270 |
| Acreed | 956,928 |
| StealC | 807,317 |
| Rhadamanthys | 590,167 |
| RedLine | 192,096 |
| RisePro | 145,519 |
| Raccoon | 5,064 |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | 1,251,396 |
| Brazil | 771,779 |
| Indonesia | 589,478 |
| Egypt | 496,242 |
| Pakistan | 428,042 |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | 24,196 |
| Denmark | 13,253 |
| Norway | 10,875 |
| Finland | 9,098 |
| Iceland | 1,182 |
| Greenland | 162 |
| Faroe | 112 |
| Åland | 24 |
Exodus Market
The marketplace was down, therefore no updates from the ExodusMarket.
Stealers by number of victims
| Stealer name | Number of victims |
|---|---|
| StealC | – |
| Vidar | – |
| Lumma | – |
| Rhadamanthys | – |
| RedLine | – |
Top 5 countries by number of victims
| Country | Number of victims |
|---|---|
| India | – |
| Brazil | – |
| Turkey | – |
| USA | – |
| Bangladesh | – |
Nordic region countries
| Country | Number of victims |
|---|---|
| Sweden | – |
| Denmark | – |
| Norway | – |
| Finland | – |
| Iceland | – |
Articles/News
January 2026 Infostealer Trend Report
- https://asec.ahnlab.com/en/92646/
CharlieKirk GRABBER : A PYTHON-BASED INFOSTEALER
- https://www.cyfirma.com/research/charliekirk-grabber-a-python-based-infostealer/
The ClickFix Trap: How Fake Captchas Are Delivering Stealthy Infostealers
- https://www.cyberproof.com/blog/fake-captcha-attack-uncovered-clickfix-infostealer-campaign/
Arkanix Stealer: a C++ & Python infostealer
- https://securelist.com/arkanix-stealer/119006/
SmartLoader hackers clone Oura MCP project to spread StealC malware
- https://securityaffairs.com/188135/ai/smartloader-hackers-clone-oura-mcp-project-to-spread-stealc-malware.html
Unpacking the New “Matryoshka” ClickFix Variant: Typosquatting Campaign Delivers macOS Stealer
- https://www.intego.com/mac-security-blog/matryoshka-clickfix-macos-stealer/
Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
- https://thehackernews.com/2026/02/infostealer-steals-openclaw-ai-agent.html