May 2025 Infostealer Trend Report
June 23, 2025, 7:57 p.m.
Description
This analysis examines the distribution trends of infostealer malware in May 2025. It highlights the use of SEO poisoning to distribute malware disguised as cracks and keygens. LummaC2, Vidar, StealC, Rhadamanthys, and Amadey were the main infostealers observed. Distribution methods included posts on legitimate websites, forums, and Q&A pages. Malware was primarily distributed in EXE format (95.4%), with DLL-SideLoading making up a decreased share (4.6%). Notable trends include the emergence of BAT script malware, use of the Wormhole file-sharing service for distribution, and the use of Unicode characters in the passwords of compressed archives to bypass security measures. The report provides insights into distribution volumes, methods, and disguises based on data collected and analyzed by advanced security systems.
Date
- Created: June 18, 2025, 5:46 p.m.
- Published: June 18, 2025, 5:46 p.m.
- Modified: June 23, 2025, 7:57 p.m.
Indicators
- e18a8c681f7f2876a5a4d2f550cc63d4ff25c05ab942d80c4d3a71dce497d4ba
- 1cefa4d9f9015053c21d2baccb1d95dad2240c8de0dc630fdbc94fbeddf192e3
- 9d153a59f7a0c6d457f71d0643fef5e3c60984c2da3564e9236fe6df834f1b60