YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Briefly

A new malware named Arcane is being spread through YouTube videos offering game cheats, mainly targeting Russian-speaking users. This malware is particularly concerning due to its extensive data collection capabilities, including gleaning sensitive information from various VPNs, gaming clients, and messaging services. The infection process involves links to password-protected archives which execute a batch file via PowerShell, disabling critical security protections. Although it shares similarities with other malware families, Arcane is recognized as a new, potent threat that replaces its predecessor, VGS.
"What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla, and DynDNS."
The batch file then uses PowerShell to launch two executables embedded within the newly downloaded archive, while also disabling Windows SmartScreen protections and adding every drive root folder to the SmartScreen filter exceptions.
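A defender can hunt for this pairing of behaviours in process-creation telemetry. The sketch below is an added example, not code from Kaspersky or The Hacker News. The page does not give the actual commands, so the rule patterns, the event field names and the sample command lines are assumptions, including the use of Defender's `Add-MpPreference -ExclusionPath` as the exception mechanism.

```python
import re
from collections import defaultdict

# Assumed patterns for the two behaviours described in the text; these are
# generic hunting rules, not indicators taken from the Arcane analysis.
RULES = {
    # SmartScreen registry values being switched off (reg.exe or PowerShell).
    "smartscreen_off": re.compile(
        r"(SmartScreenEnabled\b.*\bOff\b|EnableSmartScreen\b.*\b0\b)", re.I),
    # An exclusion whose path is a bare drive root (C:\) or $_.Root in a drive loop.
    "drive_root_excluded": re.compile(
        r"-ExclusionPath\s+['\"]?(?:[A-Z]:\\(?=['\"\s,]|$)|\$_\.Root)", re.I),
}
WATCHED_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe", "reg.exe"}

# Constructed process-creation events (hypothetical field names and hosts).
SAMPLE_EVENTS = [
    {"host": "ws01", "parent_pid": 4120, "image": "reg.exe",
     "cmdline": r'reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d Off /f'},
    {"host": "ws01", "parent_pid": 4120, "image": "powershell.exe",
     "cmdline": r"powershell -Command Add-MpPreference -ExclusionPath 'C:\'"},
    # Benign look-alikes: a scoped build-cache exclusion and a read-only query.
    {"host": "ws02", "parent_pid": 977, "image": "powershell.exe",
     "cmdline": r"powershell -Command Add-MpPreference -ExclusionPath 'C:\Build\cache'"},
    {"host": "ws02", "parent_pid": 977, "image": "reg.exe",
     "cmdline": r'reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled'},
]

def detect(events):
    """Map (host, parent_pid) to the sorted rule names matched by its children."""
    hits = defaultdict(set)
    for ev in events:
        if ev["image"].lower() not in WATCHED_IMAGES:
            continue
        for name, rx in RULES.items():
            if rx.search(ev["cmdline"]):
                hits[(ev["host"], ev["parent_pid"])].add(name)
    return {key: sorted(names) for key, names in hits.items()}

def high_confidence(events):
    """Parents whose children both disabled SmartScreen and excluded a drive root."""
    return sorted(k for k, v in detect(events).items() if len(v) == len(RULES))

if __name__ == "__main__":
    for host, pid in high_confidence(SAMPLE_EVENTS):
        print(f"ALERT {host}: parent PID {pid} disabled SmartScreen and excluded a drive root")
```

Grouping by parent process keeps a lone, scoped exclusion or a registry query from alerting while still surfacing one script that performs both actions.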
Read at The Hacker News