May 2025 Infostealer Trend Report
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
This analysis examines the distribution trends of infostealer malware in May 2025. It highlights the use of SEO poisoning to distribute malware disguised as cracks and keygens. LummaC2, Vidar, StealC, Rhadamanthys, and Amadey were the main infostealers observed. Distribution channels included posts on legitimate websites, forums, and Q&A pages. Malware was primarily distributed in EXE format (95.4%), with a decrease in DLL side-loading (4.6%). Notable trends include the emergence of BAT script malware, the use of the Wormhole file-sharing service for distribution, and the use of Unicode characters in the passwords of compressed archives to bypass security measures. The report provides insights into distribution volumes, methods, and disguises based on data collected and analyzed by advanced security systems.
OPENCTI LABELS:
stealc, amadey, vidar, infostealer, seo poisoning, rhadamanthys, bat script, lummac2, dll-sideloading, keygens, wormhole, unicode passwords, cracks