216.73.216.133

May 2026 Infostealer Trend Report

· Published 18/06/2026 16:53

Export JSON

Essential information

Published
18/06/2026 16:53
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
acrstealer agenttesla clickfix credential theft darkcloud dll side-loading infostealer lummac2 remus vidar
Related entities
8 indicators, 5 observables, 20 techniques (mitre), 6 malware

Description

This analysis covers distribution trends observed during May 2026, based on automated collection systems and diagnostic logs. Distribution occurred primarily through illegal software disguised as cracks and keygens, as well as email campaigns. , , and were most prevalent, with distribution via domains including Mediafire and AWS S3 buckets. Microsoft was the most impersonated company, followed by Auslogics and NVIDIA. EXE files represented 78.9% of execution types, while accounted for 21.1%. macOS environments saw techniques and malicious Bash scripts, with 142 scripts and 12 C2 domains identified. Email campaigns distributed and . showed significant growth, comprising 36% of distributions. remained the most prevalent overall variant.

External references