December 2025 Infostealer Trend Report
Released on 2026-01-16 @ 08:33:26 PM
This analysis examines Infostealer malware trends during December 2025, focusing on distribution methods, volume, and disguise techniques. Key findings include the prevalence of the ACRStealer, LummaC2, and Stealc Infostealers, with malware primarily distributed through SEO poisoning and compromised legitimate websites. The report highlights two significant trends: the abuse of Python scripts for malware distribution and the emergence of cryptocurrency-stealing malware using Tor. Distribution methods evolved from direct blog posts to leveraging legitimate websites and forums. The analysis also notes a shift in malware execution methods, with 65.8% distributed as EXE files and 34.2% using DLL Sideloading techniques. The report emphasizes the importance of vigilance against these evolving threats and provides detailed insights into the malware's behavior and infrastructure.