May 2025 Infostealer Trend Report
Essential information
- Published: 18/06/2025 17:46
- Modified: 23/06/2025 19:57
- Tags: 2025-06-18 amadey bat script cracks dll sideloading infostealer keygens lummac2 rhadamanthys seo poisoning stealc unicode passwords vidar wormhole
- Related entities: 3 observables, 8 techniques (mitre)
Description
This analysis examines the distribution trends of Infostealer malware in May 2025. It highlights the use of SEO poisoning to distribute malware disguised as cracks and keygens. LummaC2, Vidar, StealC, Rhadamanthys, and Amadey were the main Infostealers observed. Distribution methods included posts on legitimate websites, forums, and Q&A pages. Malware was primarily distributed in EXE format (95.4%), with a decrease in DLL-SideLoading (4.6%). Notable trends include the emergence of BAT script malware, use of the Wormhole file-sharing service for distribution, and the use of Unicode characters in compression passwords to bypass security measures. The report provides insights into distribution volumes, methods, and disguises based on data collected and analyzed by advanced security systems.