Arkanix Stealer expands its reach: A deep dive into data theft and the MaaS referral initiative

Feb 19, 2026 | Threat Intelligence Research

New Malware as a Service: Arkanix Stealer Emerges

Threat intelligence from Kaspersky has unveiled a new malware strain called “Arkanix Stealer,” primarily functioning as a malware-as-a-service (MaaS). This stealer includes various features aimed at collecting sensitive information, particularly from users involved in cryptocurrency and gaming.

Arkanix raises concerns because it operates through a comprehensive control panel that allows users to adjust payloads and access statistics. The malware comprises both a C++ executable and a Python version, enabling a flexible distribution strategy. The exact method of initial infection remains unclear, though it likely involves phishing techniques, as inferred from file names associated with the malware. Once executed, the loader downloads the Arkanix payload, which is packed with various data collection capabilities—from system information and browser data to specific information from Telegram and Discord.

In addition to collecting general user data, Arkanix particularly targets cryptocurrency wallet credentials and online banking information. Its design includes built-in mechanisms for obfuscation and self-spreading through social media platforms. The campaign appears to have been short-lived, with reports indicating that the control panel may have already been taken down.

Why This Matters

The functionality of Arkanix Stealer poses significant risks, particularly for users engaged in cryptocurrency transactions and uncertain online security practices. The malware not only steals sensitive data but also exploits communication platforms, making it a versatile threat. Defenders must remain vigilant and proactive in addressing potential phishing attacks and the rise of such malware.

Enhanced threat intelligence and monitoring tools, like SIEMs and vulnerability scanners, can mitigate risks from such malware campaigns. Implementing multi-factor authentication and regular system updates can further safeguard personal and financial information.