
Arkei Stealer

Posted: August 3, 2020

Arkei Stealer is a threatening piece of malware that first made news headlines in June 2018, when it was found inside a legitimate software update package hosted on GitHub. Cybercriminals had gained unauthorized access to the official GitHub account of a cryptocurrency wallet project and replaced the legitimate software package with one laced with the Arkei Stealer. The attack was caught quickly, but it is very likely that the campaign infected hundreds of users with what was, at the time, an unknown infostealer.

The Arkei Stealer Code Helped Build the Vidar and Baldr Infostealers

Surprisingly, the Arkei Stealer never became a big name in the cybercrime field, but many cybercriminals used its source code to build their own variants of the infostealer; two well-known examples are Vidar Stealer and Baldr, both of which are based on Arkei's original code.

Despite being less popular than its successors, the Arkei Stealer is still used by many crooks around the world, and it has been involved in several large-scale propagation campaigns that relied on different tricks. For example, the Arkei Stealer's infection rate spiked in April 2019 when it was spread online disguised as a Windows 'game booster' application that was supposed to enhance a computer's performance; in reality, users who installed this software unknowingly infected their systems with the infostealer.

Arkei Focuses on Hijacking Information from Browsers and Cryptocurrency Wallets

Having this infostealer running freely on your PC can be a huge problem, because it may enable its operators to collect the information used to access online profiles, make payments and transfer cryptocurrency. The main types of information that the Arkei Stealer specializes in hijacking are:

  • Passwords, autofill data, cookies and browsing history from Google Chrome, Mozilla Firefox and Microsoft Edge. The same data can be obtained from other browsers based on the Gecko or Chromium projects (Maxthon, Amigo, Kometa, Orbitum and others).
  • Files used by cryptocurrency wallet software that supports the Bitcoin and Ethereum cryptocurrencies.
  • Files with specific extensions (DOC, XLS, PDF, ZIP, TXT, etc.).
  • Screenshots of the desktop, which are transferred to the attacker's server.
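
The capability list above suggests a simple host-level detection heuristic: a single process reading browser credential stores, wallet files and bulk documents together is the stealer pattern, whereas a browser reading its own store is normal. The example below is added here for illustration and is not Arkei's code or a signature for it; the store and wallet file names (Login Data, logins.json, wallet.dat, etc.) are assumed defaults, and the file-read events are constructed.

```python
"""Score per-process file reads against the data categories the text lists
for Arkei Stealer (browser credential stores, wallet files, documents).
Illustrative heuristic only; file names are assumed defaults, tune locally."""
import re
from collections import defaultdict

# Assumed default store names for Chromium- and Gecko-based browsers and wallets.
CATEGORY_PATTERNS = {
    "browser_creds": re.compile(
        r"[\\/](Login Data|Cookies|History|logins\.json|key4\.db|cookies\.sqlite)$", re.I),
    "wallet": re.compile(r"([\\/]wallet\.dat$|[\\/]keystore[\\/])", re.I),
    "documents": re.compile(r"\.(docx?|xlsx?|pdf|zip|txt)$", re.I),
}

# Constructed Sysmon-style file-read records: (pid, image, target path)
SAMPLE_EVENTS = [
    (4120, r"C:\Users\alice\Downloads\game_booster.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, r"C:\Users\alice\Downloads\game_booster.exe",
     r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    (4120, r"C:\Users\alice\Downloads\game_booster.exe",
     r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"),
    (4120, r"C:\Users\alice\Downloads\game_booster.exe", r"C:\Users\alice\Documents\taxes.pdf"),
    (880, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (2210, r"C:\Windows\System32\notepad.exe", r"C:\Users\alice\Documents\notes.txt"),
]

def classify(path):
    """Return the set of target categories a path falls into (possibly empty)."""
    return {name for name, rx in CATEGORY_PATTERNS.items() if rx.search(path)}

def score_processes(events):
    """Aggregate the categories and distinct target paths touched by each pid."""
    summary = defaultdict(lambda: {"image": "", "categories": set(), "paths": set()})
    for pid, image, path in events:
        cats = classify(path)
        if not cats:
            continue  # unrelated file, ignore
        summary[pid]["image"] = image
        summary[pid]["categories"] |= cats
        summary[pid]["paths"].add(path)
    return dict(summary)

def flag_suspicious(events, min_categories=2):
    """Flag pids that touch two or more categories (e.g. credentials plus wallet)."""
    return sorted(pid for pid, s in score_processes(events).items()
                  if len(s["categories"]) >= min_categories)

if __name__ == "__main__":
    for pid in flag_suspicious(SAMPLE_EVENTS):
        print(pid, score_processes(SAMPLE_EVENTS)[pid]["image"])
```

Only the constructed game_booster.exe process is flagged; chrome.exe reading its own Login Data and notepad.exe reading a text file stay below the threshold.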

The best way to stay protected from threats like this one is to use a regularly updated anti-malware software suite.
