The Infostealer Epidemic: Cybercrime Surges 800% in 2025, Fueled by Stolen Digital Identities
Cyberattacks in the first half of 2025 have accelerated to a terrifying new pace. From credential theft and ransomware assaults to leaks of sensitive information and mass session hijackings, nearly every metric in Flashpoint’s latest report has multiplied—some by as much as eightfold. At the heart of this digital crimewave lies a deceptively simple yet devastatingly effective weapon: the infostealer.
These malicious programs, adept at extracting saved passwords, cookies, autofill data, bank card details, and even cryptocurrency wallets from browsers, have fueled an 800% surge in credential theft. According to Flashpoint, cybercriminals have already exfiltrated roughly 1.8 billion accounts in 2025 alone using these tools. On underground forums, infostealers are sold for prices ranging from $60 to $400, making them accessible even to low-skill threat actors.
Among the most prolific families are Lumma and RedLine, which persist despite ongoing efforts to dismantle their infrastructure. They are now joined by emerging players such as Acreed and StealC. Most of these tools operate on an “everything at once” model—swiftly extracting all available data and transmitting it to their operators’ command servers.
Yet data theft seldom ends with a single infected device. The report underscores that a lone compromised machine can provide a gateway into an entire corporate ecosystem. Stolen tokens, email sessions, and enterprise credentials open doors to partner and client systems alike, transforming digital identity into the new frontline of compromise.
Many of this year’s most high-profile breaches—including those targeting Orange Spain and United Healthcare—stemmed from such credential theft. The rise of infostealers is also fueling other forms of cyberattack, particularly ransomware campaigns.
Incidents involving ransomware have surged by 179% since the start of the year. The Ransomware-as-a-Service (RaaS) model, exemplified by operations like Cl0p, is reaching unprecedented levels of infection. Increasingly, the initial point of entry is a stolen session or login harvested by an infostealer.
Simultaneously, data breaches have spiked dramatically. In just the first four months of 2025, reported breaches climbed by 235%, with nearly 80% linked to unauthorized access. The United States remains the most impacted region, accounting for two-thirds of all global incidents.
Particularly coveted are personally identifiable information (PII) datasets. These serve not only as a foundation for identity theft schemes but also fuel mass phishing campaigns, account takeovers, and social engineering attacks. All of this unfolds against the backdrop of a surge in software vulnerabilities: public disclosures have increased by 246%, and readily available exploits by 179%.
Flashpoint stresses that the current climate demands more than reactive measures—it requires deeply proactive cyber intelligence. Today’s threats are no longer isolated; they flourish within interconnected ecosystems, migrate across sectors, and can be weaponized into broader campaigns of digital sabotage and economic coercion.