Arkanix Stealer pops up as short-lived AI info-stealer experiment
February 22, 2026 10:33 AM

• An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment.
• The project included a control panel and a Discord server for communication with users, but the author took them down without notification, just two months after the operation began.
• Arkanix offered many of the standard data-stealing features that cybercriminals are used to, along with a modular architecture and anti-analysis features.
• Kaspersky researchers analyzed the Arkanix stealer and found clues indicating LLM-assisted development, which “might have drastically reduced development time and costs.” The researchers believe that Arkanix was a short-lived project for quick financial gains, which makes detection and tracking much more difficult.

Arkanix appears online

• Arkanix started being promoted on hacker forums in October 2025, offering two tiers to potential customers: a basic level with a Python-based implementation, and a “premium” one with a native C++ payload using VMProtect protection, integrating AV evasion and wallet injection features.
• The developer set up a Discord server that acted as a forum for the community around the project to receive updates, provide feedback for proposed features, and receive help.

Article Summaries:

  • Arkanix Stealer, a data‑stealing malware first promoted on dark‑web forums in October 2025, appears to have been an AI‑assisted experiment that lasted only two months. Kaspersky researchers identified clues of large‑language‑model (LLM) involvement, suggesting the tool was built quickly and cheaply. The malware offered a basic Python version and a premium C++ payload protected by VMProtect, with features such as browser credential theft, VPN and wallet data extraction, and anti‑analysis checks. A Discord server and referral program supported a community of users, but the author shut down the control panel and Discord without notice. Kaspersky’s analysis lists indicators of compromise and notes that Arkanix may have been more of a public software product than a traditional stealer.

Sources: