June 2025 Infostealer Trend Report
July 16, 2025, 8:17 p.m.
Description
This analysis provides insights into infostealer malware trends observed in June 2025. The data, collected through various automated systems, reveals changes in distribution methods and malware types. While LummaC2 has been dominant, June saw increased activity from Rhadamanthys, ACRStealer, Vidar, and StealC. A new variant of ACRStealer emerged, using advanced techniques such as HTTP host domain spoofing and anti-analysis methods. Distribution of malware disguised as cracks decreased, with 94.4% in EXE format and 5.6% using DLL side-loading. A unique malware type was also observed that creates an uncontrollable window prompting browser updates. Some samples now hide compression passwords in image files, indicating evolving evasion tactics.
Date
- Created: July 16, 2025, 4:10 p.m.
- Published: July 16, 2025, 4:10 p.m.
- Modified: July 16, 2025, 8:17 p.m.