Arkanix Stealer: a C++ & Python infostealer
ID: 4651264b-ae24-5ced-bf1c-4adaaf31f536
STIX ID: report--4651264b-ae24-5ced-bf1c-4adaaf31f536
Feed Name: Securelist by Kaspersky
This report analyzes the Arkanix Stealer, a malware-as-a-service information stealer discovered in October 2025 that operated via a panel and Discord-based marketing. It documents Python and native C++ implants (including a bundled ChromElevator component), phishing-oriented distribution, extensive data exfiltration capabilities (browsers, wallets, Telegram/Discord, VPNs, RDP, gaming clients, screenshots), modular secondary payloads, C2 infrastructure (arkanix.pw / arkanix.ru), and multiple file hashes and IoCs. The service appeared to be taken down by December 2025.
