Acreed Infostealer Gaining Popularity Among Cybercriminals for C2 via Steam Platform

Acreed, a novel infostealer first observed in February 2025, has rapidly gained traction among threat actors seeking discreet credential and cryptocurrency data harvesting.

Leveraging a unique command-and-control (C2) mechanism via the Steam platform’s community profiles, Acreed exhibits advanced OPSEC measures and versatility that distinguish it from established stealers such as Lumma.

Acreed noted on Russian underground markets on February 14, 2025, sold exclusively by the threat actor known as Nuez.

Within months, it displaced other stealers, capturing 17% of log sales by September 2025 and ranking third behind Rhadamanthys and Lumma.

Its ascent accelerated after the global takedown of Lumma in May 2025, highlighting Acreed’s appeal as a low-visibility alternative.TLP-CLEAR-Sept-2025-Acreed-infostealer-EN.pdf

Unlike bulky stealers whose logs often exceed 1–5 MB, Acreed produces compact logs containing only passwords, cookies, autofill data, and potentially encrypted wallet information.