web analytics

Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown – Source: www.infosecurity-magazine.com

Rate this post

Source: www.infosecurity-magazine.com – Author:

An infostealer strain known as ‘Acreed’ could become the new market leader in credential theft malware, according to ReliaQuest.

The cybersecurity company’s threat research team investigated Russian Market, one of the most popular platforms for selling and buying stolen credentials on the dark web.

Its report, published on June 2, showed that Lumma Stealer, also known as LummaC2, accounted for nearly 92% of Russian Market credential log alerts in the last quarter of 2024.

However, the infostealer was taken down in May 2025 by a global law enforcement operation, with over 2300 Lumma domains seized.

Since then, Acreed has become the leading infostealer strain used in credential theft logs on Russian Market, surpassing established stealer strains like RedLine, Raccoon, StealC and Vidar.

Russian Market, A Leading Credential Theft Platform

After gaining widespread popularity in 2022, Russian Market has outlived Genesis Market, taken down in 2023, and beat out new competitors like Exodus Market, solidifying its position as a key platform in the cybercriminal ecosystem.

The marketplace is known for its attractive interface and easy-to-use platform, with infostealer logs priced as low as $2.

The ReliaQuest investigation showed that 85% of the logs analyzed on Russian Market also appeared in other sources, indicating that the platform’s content is largely recycled.

ReliaQuest raised over 136,000 alerts for customer domains listed on the platform in 2024, with 61.19% of the logs likely containing credentials for software-as-a-service (SaaS) solutions and 76.87% likely containing single sign-on (SSO) credentials.

The most impacted industries were professional, scientific and technical services, which accounted for 30% of all credential logs found on Russian Market, followed by the information sector, with 28% of all logs.

“This trend has continued into 2025, with over 50,000 credential theft alerts issued as of May 2025, highlighting the critical need for organizations to stay alert to this tactic,” the ReliaQuest researchers added.

Original Post URL: https://www.infosecurity-magazine.com/news/acreed-dominant-infostealer-lumma/

Category & Tags: –

Views: 2

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post