Video game mods are spreading new ‘Stealka’ crypto infostealer: Kaspersky

cointelegraph | Published on 2025-12-22 | Last updated on 2025-12-22

Abstract

A new malware called "Stealka" is targeting cryptocurrency wallets and browser extensions by disguising itself as video game cheats, mods, and software cracks, according to Kaspersky. The infostealer, discovered in November, is distributed through legitimate platforms like GitHub and Google Sites, and sometimes via fake professional-looking websites. It primarily targets Chromium and Gecko-based browsers—including Chrome, Firefox, and Edge—and steals autofill data, login credentials, and payment details. It also specifically targets 115 browser extensions related to crypto wallets, 2FA services, and password managers, including Binance, MetaMask, Trust Wallet, and Coinbase. Kaspersky advises using reliable antivirus software, avoiding pirated software and unofficial mods, and refraining from storing passwords in browsers.

New malware has been discovered that targets crypto wallets and browser extensions while disguising itself as game cheats and mods, says cybersecurity firm Kaspersky.

Kaspersky reported on Thursday that it had uncovered a new infostealer dubbed “Stealka,” which targets Microsoft Windows user data.

Attackers have used the malware, which was discovered in November, to hijack accounts, steal cryptocurrency, and install crypto miners on their victims’ computers while masquerading as video game cracks, cheats, and mods.

The malicious software has been distributed through legitimate platforms like GitHub, SourceForge, and Google Sites, and disguised as game mods, especially for Roblox, and software cracks for applications such as Microsoft Visio.

Sometimes attackers go a step further, possibly using artificial intelligence tools, and create entire fake websites that look “quite professional,” said Kaspersky researcher Artem Ushkov.

A fake website pretending to offer Roblox scripts, Source: Kaspersky

Crypto wallets and extensions targeted

Ushkov noted that Stealka has a fairly “extensive arsenal of capabilities,” but is particularly dangerous because its prime target is data from browsers built on the Chromium and Gecko engines.

This puts over 100 different browsers at risk, including popular ones such as Chrome, Firefox, Opera, Yandex, Edge, Brave, and many others.

Its primary targets are autofill data, such as sign-in credentials, addresses, and payment card details, but it also targets the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA (two-factor authentication) services.

Some of the 80 crypto wallets targeted include Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus, and Exodus.

Kaspersky also said that messaging apps, including Discord, Telegram, Unigram, Pidgin, and Tox, were at risk, as were email clients, password managers, gaming clients, and even VPN applications.

Avoid pirated software and game mods

To stay protected, Kaspersky recommended using reliable antivirus software and password managers to avoid storing passwords in browsers. It also cautioned against using pirated software and unofficial game mods.

Cloudflare reported last week that more than 5% of all emails sent worldwide contain malicious content, and more than half of those contained a phishing link, while a quarter of all HTML attachments were found to be malicious.

Related Questions

Q: What is the name of the new infostealer malware discovered by Kaspersky and what does it target?

A: The new infostealer is called 'Stealka'. It primarily targets data from browsers built on Chromium and Gecko engines, including autofill data (sign-in credentials, addresses, payment card details), and the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA services.

Q: How is the Stealka malware being distributed to potential victims?

A: The malware is distributed by disguising itself as video game cracks, cheats, and mods. It has been spread through legitimate platforms like GitHub, SourceForge, and Google Sites. Attackers sometimes create entire fake, professional-looking websites to host the malicious software.

Q: Which specific types of applications and services are at risk from the Stealka infostealer?

A: Over 100 different browsers (Chrome, Firefox, Opera, etc.), 80 crypto wallets (Binance, Coinbase, MetaMask, etc.), messaging apps (Discord, Telegram, etc.), email clients, password managers, gaming clients, and VPN applications are all at risk.

Q: What recommendations does Kaspersky provide to protect against this threat?

A: Kaspersky recommends using reliable antivirus software, using password managers instead of storing passwords in browsers, and avoiding the use of pirated software and unofficial game mods.

Q: Beyond game mods, what other type of software is commonly used as a disguise for this malware?

A: The malware is also disguised as software cracks for applications such as Microsoft Visio.
