The Rise of Acreed Infostealer in the Post-LummaC2 Threat Landscape

Acreed, a new malware-as-a-service (MaaS) platform, appears to have taken the top spot in the infostealer ecosystem. We suspect this is due to the takedown of Lumma Stealer (LummaC2) in May 2025. In just its first week, Acreed was observed uploading over 4,000 stolen credential logs to a dark web Russian Market.

Acreed on the Rise

In March 2025, Bitsight observed no activity from Acreed on dark web marketplaces. By April, that number rose to 50 credential logs on prominent Russian dark web markets, and by May, their activity increased to 864. By June, that number surged to more than 118,000 logs on prominent Russian dark web markets, according to Bitsight Threat Intelligence. This demonstrates Acreed’s rapid growth in the cyber threat community.

To read the complete article, see: The Rise of Acreed Infostealer