March 19, 2025 By Bill Toulas
A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers.
According to Kaspersky, the malware has no links or code that overlaps with the Arcane Stealer V, which has been circulating on the dark web for years.
The Arcane malware campaign started in November 2024, having gone through several evolutionary steps, including primary payload replacements.
All conversations and public posts by its operators are in Russian, with Kaspersky's telemetry showing that most Arcane infections are in Russia, Belarus, and Kazakhstan.
This is particularly notable, as most threat actors based in Russia typically avoid targeting users within the country and other CIS nations to prevent conflicts with local authorities.