Mohammedia – maCERT, the Moroccan national cybersecurity agency, has released a critical warning about the newly discovered spyware toolkit, Acreed, which spreads at a high rate over the internet.
Acreed, discovered back in February of the year 2025, soon became one of the most-used information stealers available on the dark web.
As reported by maCERT, Acreed fulfills the gap created by the dismantling of another prominent cyber threat, Lumma, earlier this year. Currently, it represents about 17% of the underground cyber activity, after Rhadamanthys and Lumma.
The primary objective of this malware is stealing information from the compromised computers and forwarding it to the hacker operators, who either sell the information obtained or exploit it.
The malware spreads via familiar and very effective ways, including misleading emails, infected advertisements, and pirated software downloads.
The victims may be presented with what looks like a genuine message or software update, yet the moment such an email is opened, it quietly installs the Acreed malware on the compromised machine.
Acreed then proceeds to harvest as much information as possible; usernames, passwords, browser information, cryptocurrency wallets, and session tokens for cloud services such as Microsoft 365 and Amazon Web Services.
The compromised information is then sent to distant servers managed by the cybercriminals. This way, the hacker can impersonate the victim, access corporate logins, or drain virtual wallets without the victim having the slightest inkling of what’s occurring.
maCERT indicates the risk targets both private individuals and business networks since the spyware doesn’t differentiate between the two sources of information.
In their advice, maCERT warns users and organizations to be vigilant. maCERT advises organizations to ensure their antivirus solutions are updated and to be on the lookout for suspicious activity on the internet, as well as to avoid downloading from unofficial websites.
maCERT also advises individuals to be wary of unsolicited e-mails and links, even if the sources are familiar to them.
The warning reflects the continuing evolution of online threats this year. And as cyber criminals become more focused on regular users, Moroccan experts on the subject remind readers about the importance of being careful online.
Anyone who recognizes the presence of an infection or observes irregular behavior of the system must report this directly to [email protected] for investigation and assistance.
