MicroStealer, a fully capable infostealer, is spreading rapidly with minimal traditional detection coverage. ANY.RUN researchers documented 40+ sandbox infections in under a month despite low public visibility. The malware distributes via compromised or impersonated accounts. Key insight: Modern infostealers can achieve significant reach and infrastructure maturity while remaining largely invisible to standard security detections, complicating early threat spotting and containment for security teams relying on traditional signals.