Emerging Threat: Acreed Spyware Toolkit
In a recent announcement, maCERT, the Moroccan national cybersecurity agency, has issued a significant alert regarding the emergence of a new spyware toolkit known as Acreed. This malware has been spreading rapidly across the internet, raising concerns among both individuals and organizations alike.
Acreed, which first came to light in February 2025, has quickly established itself as one of the most prevalent information stealers circulating on the dark web. Following the dismantling of the notorious cyber threat Lumma earlier this year, Acreed has filled the void, currently accounting for approximately 17% of underground cyber activity, trailing only behind Rhadamanthys and Lumma.
The primary function of this malware is to infiltrate compromised computers to extract sensitive information, which is then relayed to hacker operators. These criminals either sell the stolen data or exploit it for their own gain. The methods of distribution for Acreed are alarmingly familiar and effective, including:
- Deceptive emails that appear legitimate
- Infected advertisements
- Pirated software downloads
Victims may encounter what seems to be a genuine message or software update. However, upon opening such emails, the Acreed malware is silently installed on their systems. Once embedded, Acreed diligently collects a wide array of information, including:
- Usernames and passwords
- Browser information
- Cryptocurrency wallet details
- Session tokens for cloud services like Microsoft 365 and Amazon Web Services
This harvested data is then transmitted to remote servers controlled by cybercriminals, enabling them to impersonate victims, access corporate logins, or drain virtual wallets without the victim’s awareness.
maCERT emphasizes that the risks associated with Acreed extend to both private individuals and business networks, as the spyware does not discriminate between sources of information. In light of this threat, the agency urges users and organizations to exercise heightened vigilance. Key recommendations include:
- Ensure antivirus solutions are up to date.
- Monitor for suspicious online activity.
- Avoid downloading software from unofficial websites.
- Be cautious of unsolicited emails and links, even from known contacts.
This warning underscores the ongoing evolution of online threats in 2025. As cybercriminals increasingly target everyday users, Moroccan cybersecurity experts remind the public of the critical importance of maintaining caution while navigating the digital landscape.
For those who suspect they may have fallen victim to an infection or observe unusual system behavior, maCERT encourages immediate reporting to [email protected] for investigation and assistance.
