Novel Arcane infostealer facilitates extensive data pilfering

Suspected Russian threat actors have deployed the newly emergent Arcane Stealer malware, which has comprehensive data theft capabilities, in intrusions primarily against Russia, Belarus, and Kazakhstan as part of a campaign that commenced in November, according to BleepingComputer.

Attackers initially leveraged YouTube videos on game cheats and cracks to lure targets into clicking a link that would download a password-protected archive with scripts that deactivate Windows Defender and spread the information-stealing malware. They eventually used YouTube and Discord to promote the bogus cracked software downloader ArcanaLoader to facilitate the distribution of Arcane, which is unrelated to the Arcane Stealer V, a report from Kaspersky showed. Arcane commences compromise by conducting system profiling and exfiltrating software and hardware data before targeting information, configuration files, and settings from Microsoft Outlook, NordVPN and other VPN clients, FileZilla and other network tools, Telegram and other messaging apps, Roblox and other gaming clients, Ethereum and other cryptocurrency wallets, and web browsers, said Kaspersky researchers.
