Summary: A new stealer malware called Arcane is being distributed through YouTube videos promoting game cheats, targeting Russian-speaking users. This malware gathers a wide range of sensitive information from various applications, including VPNs, messaging apps, and gaming clients. It utilizes various techniques, including a batch file that activates PowerShell to initiate its malicious activities, while also evading security measures like Windows SmartScreen.
Affected: Users of VPN, gaming clients, and messaging apps, primarily in Russia, Belarus, and Kazakhstan.
Keypoints :
- Arcane gathers extensive data such as login credentials, passwords, credit card details, and system configuration files.
- The malware employs sophisticated methods to extract information, including the use of the Data Protection API and running external tools covertly.
- Attack chains involve password-protected archives shared on YouTube that execute a batch file to download and run the malicious payload.
Source: https://thehackernews.com/2025/03/youtube-game-cheats-spread-arcane.html