Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown

An infostealer strain known as ‘Acreed’ could become the new market leader in credential theft malware, according to ReliaQuest.

The cybersecurity company’s threat research team investigated the Russian Market, one of the most popular platforms for selling and buying stolen credentials on the dark web.

Its report, published on June 2, showed that Lumma Stealer, also known as LummaC2, accounted for nearly 92% of Russian Market credential log alerts in the last quarter of 2024.

However, the infostealer was taken down in May 2025 by a global law enforcement operation, with over 2300 Lumma domains seized.

Since then, Acreed has become the leading infostealer strain used in credential theft logs on Russian Market, surpassing established stealer strains like RedLine, Raccoon, StealC and Vidar.

To read the complete article see: Acreed Dominant Infostealer Following Lumma