Cybercriminal developers are deploying info-stealer malware families, including Arkanix Stealer and SantaStealer, to exfiltrate credentials and cryptocurrency from victims worldwide [1, 2].

These tools represent a growing threat to digital privacy because they silently elevate privileges on a victim's system. This allows attackers to bypass security measures and steal sensitive personal data without the user's knowledge.

The malware is promoted and sold on dark-web forums and a dedicated Discord server [1, 2]. Once a system is infiltrated, the software identifies and steals valuable information, including passwords and cryptocurrency wallets, for financial profit [1, 2].

Arkanix Stealer was promoted toward the end of 2025 [1]. This specific strain is described as an AI-assisted info-stealer experiment, showcasing how attackers are integrating artificial intelligence to improve the efficiency of their data-harvesting tools [1].

Another strain, SantaStealer, surfaced in the weeks leading up to the 2024 holiday season [2]. This malware used holiday-themed branding to deceive targets, a common tactic among cybercriminals to create a sense of urgency or trust during peak shopping periods [2].

Both families operate by infiltrating a system and silently sending data back to the operators [1, 2]. This process often involves elevating system privileges, which gives the malware deeper access to the operating system and stored files [1, 2].

The emergence of Arkanix Stealer and SantaStealer highlights a dual-track evolution in cybercrime: the use of AI to automate theft and the use of social engineering via seasonal themes. By targeting cryptocurrency and credentials, these operators are focusing on high-liquidity assets that are difficult to recover once stolen, signaling a shift toward more aggressive, automated financial theft.