{"id":12136,"date":"2026-02-24T22:16:04","date_gmt":"2026-02-24T22:16:04","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=12136"},"modified":"2026-02-24T22:16:04","modified_gmt":"2026-02-24T22:16:04","slug":"arkanix-stealer-malware-disappears-shortly-after-debut","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=12136","title":{"rendered":"&#8216;Arkanix Stealer&#8217; Malware Disappears Shortly After Debut"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><strong>A brand new infostealer named \u2018Arkanix Stealer\u2019 operated as a malware-as-a-service (MaaS) enterprise in a one-shot marketing campaign, Kaspersky says.<\/strong><\/p>\n<p>Carried out in each C++ and Python, the malware emerged in October 2025, when its developer began promoting it in underground discussion board posts, however seemingly ceased operations in December, when its management panel and Discord channel disappeared.<\/p>\n<p>Whereas short-lived, Arkanix Stealer did present miscreants with broad information-stealing capabilities, accumulating system and person data, software particulars, browser information, Telegram and Discord information, VPN data, and stealing information from particular directories.<\/p>\n<p>As a part of the MaaS, customers have been supplied with entry to a management panel permitting them to configure payloads and entry statistics.<\/p>\n<p>Customers have been supplied with a browser post-exploitation device named ChromElevator, delivered through a local C++ model of the malware that might additionally harvest cryptocurrency pockets information.<\/p>\n<p>The Python variant of the stealer, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/securelist.com\/arkanix-stealer\/119006\/\">Kaspersky says<\/a>, was deployed through a Python script, typically bundled with PyInstaller or Nuitka, and will dynamically modify its configuration by making GET requests to a distant server.<\/p>\n<div class=\"zox-post-ad-wrap\"><span class=\"zox-ad-label\">Commercial. Scroll to proceed studying.<\/span><\/div>\n<p>Arkanix Stealer may gather broad system data, together with CPU, GPU, RAM, OS, display, keyboard, and time zone information, together with particulars on the put in software program, together with antivirus and VPN functions.<\/p>\n<p>It may additionally goal 22 browsers to reap data corresponding to historical past, autofill data, passwords, cookies, and 0Auth2 information, in addition to Telegram messages and Discord credentials.<\/p>\n<p>The analyzed stealer pattern additionally contained a self-spreading function, buying a listing of the sufferer\u2019s Discord pals and channels through the Discord API, and sending a configured message to them.<\/p>\n<p>Kaspersky additionally noticed the malware accumulating credentials from recognized VPN shoppers, corresponding to Mullvad VPN, NordVPN, ExpressVPN, and ProtonVPN.<\/p>\n<p>Utilizing a pre-defined set of paths, the malware was seen exfiltrating information from a number of directories related to the present person, packing them in a ZIP archive, and sending them to the command-and-control (C&amp;C) server.<\/p>\n<p>The malware may additionally fetch extra modules from the C&amp;C to increase its capabilities. These modules embody a Chrome grabber, a pockets patcher, an additional collector, and a Python script positioned within the startup folder to be executed at system boot.<\/p>\n<p>The native variant makes use of VMProtect, with out code virtualization, implements anti-analysis options, collects RDP connection particulars, targets gaming information and shoppers for credential theft, captures screenshots, and exfiltrates browser information.<\/p>\n<p>Kaspersky recognized two servers used to host the stealer panel and monitor victims, each secured through a sign-in web page. The malware\u2019s developer additionally maintained a Discord channel to work together with customers and applied a referral program to draw clients.<\/p>\n<p>\u201cThis marketing campaign tends to be extra of a one-shot marketing campaign for fast monetary positive factors somewhat than a long-running an infection. The panel and the Discord chat have been taken down round December 2025, leaving no message or traces of additional growth or a resurgence,\u201d Kaspersky notes.<\/p>\n<p><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/solyximmortal-information-stealer-emerges\/\">\u2018SolyxImmortal\u2019 Data Stealer Emerges<\/a><\/p>\n<p><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/infostealer-malware-delivered-in-emeditor-supply-chain-attack\/\">Infostealer Malware Delivered in EmEditor Provide Chain Assault<\/a><\/p>\n<p><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/new-sandworm_mode-supply-chain-attack-hits-npm\/\">New \u2018Sandworm_Mode\u2019 Provide Chain Assault Hits NPM<\/a><\/p>\n<p><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/new-keenadu-android-malware-found-on-thousands-of-devices\/\">New Keenadu Android Malware Discovered on Hundreds of Units<\/a>\n\t\t\t<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>A brand new infostealer named \u2018Arkanix Stealer\u2019 operated as a malware-as-a-service (MaaS) enterprise in a one-shot marketing campaign, Kaspersky says. Carried out in each C++ and Python, the malware emerged in October 2025, when its developer began promoting it in underground discussion board posts, however seemingly ceased operations in December, when its management panel and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":12138,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[7979,4245,7980,216,7981,2256],"class_list":["post-12136","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-arkanix","tag-debut","tag-disappears","tag-malware","tag-shortly","tag-stealer"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/12136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12136"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/12136\/revisions"}],"predecessor-version":[{"id":12137,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/12136\/revisions\/12137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/12138"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-04-11 07:26:30 UTC -->