Arkanix Stealer Targets Cryptocurrency And Browser Data

In October 2025, researchers discovered Arkanix Stealer, a MaaS infostealer advertised on dark web forums and coordinated via a Discord server. The malware included native C++ and Python implants, targeted 22 browsers, Telegram, Discord, VPNs and cryptocurrency wallets, and used configurable features updated from arkanix[.]pw; the affiliate program appears taken down at time of writing. The report provides indicators for detection and mitigation.
Key Points
- 1Identifies Arkanix Stealer MaaS offering native C++ and Python implants plus a configurable control panel
- 2Highlights comprehensive data theft across system info, 22 browsers, Telegram, Discord, VPNs, wallets, and extensions
- 3Advises practitioners to monitor phishing vectors, detect PyInstaller-packed loaders, and block arkanix[.]pw infrastructure
Scoring Rationale
Detailed vendor-backed malware analysis and actionable indicators, limited by niche focus on a one-off stealer campaign.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
