Infostealers are now a primary source of stolen credentials, giving attackers fast, stealthy access to targets with more than 11.1 million infected devices and 3.3 billion stolen records circulating in illicit markets. Flashpoint reports that stealers like Vidar, Lumma, Acreed, Rhadamanthys, and StealC are used to harvest credentials, tokens, and other data that can quickly lead to ransomware and further compromise. #Vidar #Lumma #Acreed #Rhadamanthys #StealC #Flashpoint
Keypoints
- Infostealers provide attackers with stolen credentials for direct access.
- More than 11.1 million devices were infected with infostealers in 2025.
- Over 3.3 billion credentials and identity artifacts are circulating in criminal markets.
- Vidar dominated early 2026, while Lumma led during 2025.
- Stealers collect passwords, cookies, tokens, wallet data, and system metadata.
Read More: https://www.securityweek.com/infostealers-turn-millions-of-devices-into-credential-theft-machines/