Arcane Stealer

Posted: October 1, 2019

The Arcane Stealer V is spyware that collects a broad range of information from your PC. Examples of potential info up for theft include browser cookies, instant messenger conversations and cryptocurrency wallet logins. Appropriate anti-malware services should flag and delete the Arcane Stealer V, which is available through multiple sources and could use unexpected infection techniques.

The Budget-Priced Swiss Army Knife of Spyware

A possibly-Russian threat actor is selling a new spyware product on the underground Web, at a price point and with features that make it attractive to inexperienced cyber-criminals. The Arcane Stealer V is a Swiss army knife kit of information-collecting attacks that does almost nothing to discriminate between targets, and uses a 'broader is better' approach to profiting from its theft. Since malware analysts also confirm some leaks of its source code, even threat actors who don't pay the paltry, nine-dollar fee may end up using this spyware toolkit.

The Arcane Stealer V lacks many of the more advanced features of a for-sale Black Hat software enterprise, such as network traversal. It also has no self-distributing capabilities, such as spreading through USB drives, and can't discriminate between targets via language settings. Still, what it lacks on the higher end, it makes up for at the lower one. It has a user-friendly graphical panel interface for the administrator and can collect almost any type of information of typical financial value.

Besides the usual system information stats, the Arcane Stealer V automatically grabs all of the following:

  • Instant messenger sessions.
  • Passwords and other login credentials.
  • Browser cookie files.
  • Saved form data (such as password fields).
  • File-sharing service data.
  • Cryptocurrency wallet details (Bitcoin, etc.).
  • Notepad and Word documents.
  • Steam gaming profile & community information.

All of these details are, theoretically, available to threat actors paying the usage fee of nine dollars. The availability of the source code also makes forks and variants of the Arcane Stealer V a future possibility, just like njRAT or the frequently-tinkered-with Hidden Tear.

Info Thieves Poised to Storm the Computer World

Unlike many threats, the Arcane Stealer V doesn't use IP addresses or language settings for aborting attacks against any unwanted victims and doesn't geo-filter its payload. This characteristic sits oddly with the suspected Russian origin of its author. Most Russia-based threat actors avoid targeting Russian residents due to concerns of conflict with the nation's law enforcement. However, the Arcane Stealer V has no discrimination features that would halt an attack, and collects information indiscriminately.

The Arcane Stealer V's business model favors clients with fledgling expertise in programming or other aspects of cyber-crime. Because of that trait, malware experts rate some infection strategies as a higher priority for the Arcane Stealer V's distribution than others. Torrents, fake software updates, counterfeit cracks for games, compromised advertisements or malvertising, and e-mail and social messaging spam are some possible ways that criminals could circulate the spyware.

Since it's a broad-purpose but straightforward program, most anti-malware services should delete the Arcane Stealer V on sight without encountering many issues. Disinfection, however, doesn't retrieve collected passwords or other data.

There's nothing 'arcane' about wanting to make money off of other criminals who crave riches the wrong way. The Arcane Stealer V is banking on its best profit source being the sale of millionaire dreams to other criminals, letting their illicit hopes do the work.