April 2026 Infostealer Trend Report
ID: 80526010-2b6d-5b9d-8a78-02259381f476
STIX ID: report--80526010-2b6d-5b9d-8a78-02259381f476
Feed Name: ASEC
This April 2026 intelligence summary reports a surge in Infostealer activity, highlighting families such as LummaC2, Remus, ACRStealer, AgentTesla and Vidar, and details distribution via SEO‑poisoned downloads, file hosting/cloud services, email lures, and macOS script tricks. The report documents technical TTPs including DLL side‑loading (multiple Python DLLs), macOS ClickFix and bash script downloads, Remus’s ChaCha20 C2 and dead‑drop resolver using Ethereum RPC, and provides MD5 hashes and malicious URLs as IoCs for detection and blocking.
