Information-stealing malware Acreed has emerged as the most pervasive stealer payload on the widely known dark web credential trading platform Russian Market this year, ahead of the RedLine, Raccoon, StealC, and Vidar strains, reports Infosecurity Magazine.
Acreed's dominance also comes after last month's shutdown of the Lumma Stealer, or LummaC2, operation, which was linked to almost 92% of credential log alerts on the Russian Market during the last three months of 2024, according to an analysis from ReliaQuest. Additional findings showed that Russian Market has become the leading platform for credential theft following Genesis Market's takedown two years ago. Organizations in the professional, scientific, and technical services sectors had the most credential logs on Russian Market, while the majority of such logs contained single sign-on and software-as-a-service credentials. "This trend has continued into 2025, with over 50,000 credential theft alerts issued as of May 2025, highlighting the critical need for organizations to stay alert to this tactic," said ReliaQuest researchers.