Arkanix Stealer infostealer operation
Malware Activity
Summary
Hide ▲
Show ▼
A short-lived Arkanix Stealer operation emerged in October 2025, putting browser data, wallets, and credentials at risk across multiple platforms. The project combined a Python-based build and a native C++ premium build with VMProtect, plus anti-analysis features that made detection harder. Its modular design and Discord API abuse widened the theft surface and complicated tracking.
Related Happenings
Discord defaults voice and video calls to end-to-end encryption
Security Tool/Service
First: 19.05.2026 23:37
Last: 19.05.2026 23:37
Sources 1
About this happening:
**Discord** has made **end-to-end encryption (E2EE)** the default for **voice and video calls**, strengthening privacy across a widely used communications platform. The rollout wa...
Discord defaults voice and video calls to end-to-end encryption
Security Tool/ServiceAbout this happening: **Discord** has made **end-to-end encryption (E2EE)** the default for **voice and video calls**, strengthening privacy across a widely used communications platform. The rollout wa...
Gremlin stealer modular toolkit evolution
Malware Activity
First: 15.05.2026 17:19
Last: 15.05.2026 17:19
Sources 1
About this happening:
The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...
Gremlin stealer modular toolkit evolution
Malware ActivityAbout this happening: The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...
Gremlin stealer adds .NET Resource and XOR obfuscation to evade static analysis
Technical Analysis
First: 15.05.2026 17:19
Last: 15.05.2026 17:19
Sources 1
About this happening:
The latest **Gremlin stealer** build adds **.NET Resource** payload hiding and **XOR encoding** to evade static analysis, making detection and triage harder. The malware also expa...
Gremlin stealer adds .NET Resource and XOR obfuscation to evade static analysis
Technical AnalysisAbout this happening: The latest **Gremlin stealer** build adds **.NET Resource** payload hiding and **XOR encoding** to evade static analysis, making detection and triage harder. The malware also expa...
Open-OSS/privacy-filter Hugging Face infostealer activity
Malware Activity
First: 11.05.2026 10:05
Last: 11.05.2026 10:05
Sources 1
About this happening:
A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...
Open-OSS/privacy-filter Hugging Face infostealer activity
Malware ActivityAbout this happening: A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...
PCPJack TeamPCP-targeting cloud credential theft campaign
Campaign
First: 08.05.2026 12:00
Last: 08.05.2026 12:00
Sources 1
About this happening:
A new **PCPJack** campaign is targeting **TeamPCP victims** by **worming across exposed cloud infrastructure**, creating a fresh risk of credential theft and unauthorized reuse of...
PCPJack TeamPCP-targeting cloud credential theft campaign
CampaignAbout this happening: A new **PCPJack** campaign is targeting **TeamPCP victims** by **worming across exposed cloud infrastructure**, creating a fresh risk of credential theft and unauthorized reuse of...
Timeline
-
22.02.2026 17:33 2 articles · 3mo ago
Arkanix Stealer infostealer operation
Initial DisclosurePromotion began on **dark web forums** in **October 2025** with a **Python** basic tier and a **native C++** premium tier. A **Discord server** and referral program were used to recruit users and distribute early updates.
Show sources
- Arkanix Stealer pops up as short-lived AI info-stealer experiment — www.bleepingcomputer.com — 22.02.2026 17:33
- Arkanix Stealer pops up as short-lived AI info-stealer experiment — www.bleepingcomputer.com — 22.02.2026 17:33