Home Malware Programs Trojans Arkei Stealer

Arkei Stealer

Posted: August 3, 2020

Arkei Stealer is a threatening piece of malware that first made it to the news headlines in June 2018 when it was found in a legitimate software updates package hosted on GitHub. Cybercriminals had somehow managed to get unauthorized access to the official GitHub account of a cryptocurrency wallet and managed to replace the legitimate software package with one that has been laced with the Arkei Stealer. The attack was caught quickly, but it is very likely that this campaign managed to infect hundreds of users with the Arkei Stealer that was unknown back then.

The Arkei Stealer Code Helped Build the Vidar and Baldr Infostealers

Surprisingly, the Arkei Stealer never became a big name in the cybercrime field, but many cybercriminals used its source code to create their unique versions of the infostealer – two of the famous examples are Vidar Stealer and Baldr, both of which are based on Arkei's original code.

Despite being less popular than its successors, the Arkei Stealer is still used by many crooks around the world, and it has been involved in several large-scale propagation campaigns that were carried out by using different tricks. For example, the Arkei Stealer's infection rate spiked in April 2019 when it was spread online disguised as a Windows 'game booster' software that was meant to enhance a computer's performance – in reality, users who came across this software would unknowingly infect their systems with the threatening infostealer.

Arkei Focuses on Hijacking Information from Browsers and Cryptocurrency Wallets

Having this infostealer working freely on your PC can be a huge problem, because it may enable its operators to collect important information used to access online profiles, make payments and transfer cryptocurrency. Some of the main information that the Arkei Stealer specializes in hijacking is:

  • Passwords, autofill data, cookies, and history from Google Chrome, Mozilla Firefox and Microsoft Edge browsers. The same data can be obtained from other browsers based on the Gecko or Chromium projects (Maxthon, Amigo, Kometa, Orbitum and others).
  • Grab files used by cryptocurrency wallet software compatible with the Bitcoin and Ethereum cryptocurrencies.
  • The Arkei Stealer can collect files using specific file extensions (DOC, XLS, PDF, ZIP, TXT, etc.)
  • It can grab screenshots of the desktop and transfer them to the attacker's server.

The best way to stay protected from threats like this one is to use a regularly updated anti-malware software suite.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Arkei Stealer may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.