Video game mods are spreading new ‘Stealka’ crypto infostealer: Kaspersky

cointelegraphPublished on 2025-12-22Last updated on 2025-12-22

Abstract

A new malware called "Stealka" is targeting cryptocurrency wallets and browser extensions by disguising itself as video game cheats, mods, and software cracks, according to Kaspersky. The infostealer, discovered in November, is distributed through legitimate platforms like GitHub and Google Sites, and sometimes via fake professional-looking websites. It primarily targets Chromium and Gecko-based browsers—including Chrome, Firefox, and Edge—and steals autofill data, login credentials, and payment details. It also specifically targets 115 browser extensions related to crypto wallets, 2FA services, and password managers, including Binance, MetaMask, Trust Wallet, and Coinbase. Kaspersky advises using reliable antivirus software, avoiding pirated software and unofficial mods, and refraining from storing passwords in browsers.

New malware has been discovered that targets crypto wallets and browser extensions while disguising itself as game cheats and mods, says cybersecurity firm Kaspersky.

Kaspersky reported on Thursday that it had uncovered a new infostealer dubbed “Stealka,” which targets Microsoft Windows user data.

Attackers have used the malware, which was discovered in November, to hijack accounts, steal cryptocurrency, and install crypto miners on their victims’ computers while masquerading as video game cracks, cheats, and mods.

The malicious software has been distributed through legitimate platforms like GitHub, SourceForge, and Google Sites, and disguised as game mods, especially for Roblox, and software cracks for applications such as Microsoft Visio.

Sometimes, attackers go a step further, possibly using artificial intelligence tools, and creating entire fake websites that look “quite professional,” said Kaspersky researcher Artem Ushkov.

A fake website pretending to offer Roblox scripts, Source: Kaspersky

Crypto wallets and extensions targeted

Ushkov noted that Stealka has a fairly “extensive arsenal of capabilities,” but is particularly dangerous because its prime target is data from browsers built on the Chromium and Gecko engines.

This puts over 100 different browsers at risk, including popular ones such as Chrome, Firefox, Opera, Yandex, Edge, Brave, and many others.

Related: Hackers are exploiting a JavaScript library to plant crypto drainers

Its primary targets are autofill data, such as sign-in credentials, addresses, and payment card details, but it also targets the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA (two-factor authentication) services.

Some of the 80 crypto wallets targeted include Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus, and Exodus.

Kaspersky also said the messaging apps, including Discord, Telegram, Unigram, Pidgin, and Tox, were also at risk, as were email clients, password managers, gaming clients, and even VPN applications.

Avoid pirated software and game mods

To stay protected, Kaspersky recommended using reliable antivirus software and password managers to avoid storing passwords in browsers. It also cautioned against using pirated software and unofficial game mods.

Cloudflare reported last week that more than 5% of all emails sent worldwide contain malicious content, and more than half of those contained a phishing link, while a quarter of all HTML attachments were found to be malicious.

Magazine: Big questions: Would Bitcoin survive a 10-year power outage?

Related Questions

QWhat is the name of the new infostealer malware discovered by Kaspersky and what does it target?

AThe new infostealer is called 'Stealka'. It primarily targets data from browsers built on Chromium and Gecko engines, including autofill data (sign-in credentials, addresses, payment card details), and the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA services.

QHow is the Stealka malware being distributed to potential victims?

AThe malware is distributed by disguising itself as video game cracks, cheats, and mods. It has been spread through legitimate platforms like GitHub, SourceForge, and Google Sites. Attackers sometimes create entire fake, professional-looking websites to host the malicious software.

QWhich specific types of applications and services are at risk from the Stealka infostealer?

AOver 100 different browsers (Chrome, Firefox, Opera, etc.), 80 crypto wallets (Binance, Coinbase, MetaMask, etc.), messaging apps (Discord, Telegram, etc.), email clients, password managers, gaming clients, and VPN applications are all at risk.

QWhat recommendations does Kaspersky provide to protect against this threat?

AKaspersky recommends using reliable antivirus software, using password managers instead of storing passwords in browsers, and avoiding the use of pirated software and unofficial game mods.

QBeyond game mods, what other type of software is commonly used as a disguise for this malware?

AThe malware is also disguised as software cracks for applications such as Microsoft Visio.

Related Reads

Dissecting Circle's Q1 Earnings Report: After the Interest Rate Dividend Ebbs, USDC Prepares for a Big Chess Game

Title: Circle Q1 2026 Earnings: Shifting Strategy as Interest Rate Windfall Subsides Circle reported its Q1 2026 financial results. While total revenue and reserve income of $694M slightly missed expectations, adjusted EBITDA grew 24% to $151M. A key trend is the decline in reserve income due to lower Federal Reserve interest rates, which Circle is countering by diversifying its revenue streams. Notably, non-interest "Other Revenue" hit a record $42M. USDC's circulation reached 77 billion, up 28% year-over-year, but its on-chain transaction volume surged 263% to $21.5 trillion, indicating significantly higher utilization in payments and DeFi. Financially, the core RLDC Margin improved to 41%, showing better cost control. However, operating expenses nearly doubled, partly due to post-IPO stock compensation costs. Looking ahead, Circle is expanding beyond being a simple stablecoin issuer. It highlighted the $222M presale for its Arc Network (valued at $3B) and launched new services like Managed Payments and the "Agent Stack" for AI-driven commerce. The company's strategy is evolving to position USDC as the foundational dollar network for the internet, targeting broader payment, enterprise, and AI agent economies.

marsbit15m ago

Dissecting Circle's Q1 Earnings Report: After the Interest Rate Dividend Ebbs, USDC Prepares for a Big Chess Game

marsbit15m ago

Deciphering Circle's Q1 Financial Report: After the Interest Rate Dividend Ebbs, USDC Is Planning a Grand Strategy

Circle's Q1 2026 financial report shows total revenue and reserve income of $6.94 billion, slightly below expectations, with net profit at $550 million, down 15% year-over-year. The company attributes the slowdown in revenue growth to declining reserve asset yields following a Federal Reserve rate cut. However, other revenue streams reached a record $420 million, indicating a diversification away from interest dependence. Key operational highlights include USDC's circulating supply reaching 77 billion, a 28% annual increase, while its on-chain transaction volume surged 263% to $21.5 trillion, showing significantly higher usage frequency. Circle's core RLDC Margin improved to 41%, reflecting better cost control. Looking beyond interest rate reliance, Circle is expanding into new areas. Its Arc Network completed a $2.22 billion ARC token presale at a $30 billion valuation. The company also launched Agent Stack, an infrastructure suite for AI Agent economies, and its Circle Payments Network (CPN) shows an estimated annual transaction volume of $83 billion. The report suggests Circle's strategy is evolving from merely issuing a stablecoin to building USDC into a foundational dollar network for the internet, targeting cross-border payments, enterprise settlement, and the emerging AI-driven economy.

Odaily星球日报18m ago

Deciphering Circle's Q1 Financial Report: After the Interest Rate Dividend Ebbs, USDC Is Planning a Grand Strategy

Odaily星球日报18m ago

Virtuals Is Not Really Doing AI Agent, But the Capital Market for AI Agent

Virtuals is not fundamentally an AI Agent platform, but a capital market for AI Agents. Its core innovation is transforming AI Agents from functional tools into tradable assets that can be issued, owned, traded, and community-driven. This creates a Crypto-native growth model: narrative drives asset creation, speculation fuels initial distribution, and community members become stakeholders, fostering viral spread. The project is evolving beyond being a simple launchpad. Through its Agent Commerce Protocol (ACP), it aims to build a commercial network where Agents can collaborate, provide services, and settle payments on-chain. The concept of "Agentic GDP" (aGDP) is introduced to measure this ecosystem's economic activity. While early growth was heavily fueled by speculation and a Base chain ecosystem, Virtuals now faces a critical juncture. Market attention is shifting from its ability to generate hype to its capacity to foster real, sustainable commercial activity among Agents. Its long-term success hinges on proving that these tokenized Agents can form a genuinely productive and autonomous economy, moving beyond being merely high-volatility AI assets.

marsbit1h ago

Virtuals Is Not Really Doing AI Agent, But the Capital Market for AI Agent

marsbit1h ago

From Presale to Public Markets, Ozak AI’s Pricing Gap Represents a 100x Upside Rarely Seen in New AI Tokens

Ozak AI is generating significant investor interest ahead of its public market launch. Currently priced at $0.014 in its final presale phase, the token has already seen a 1,300% increase from its initial price. With over $7 million raised and a fixed listing price of $1, early investors could see returns of up to 71x, with potential for 100x growth if post-launch momentum continues. The project is a predictive AI platform combining AI and blockchain to provide market forecasts and trading strategies. Its ecosystem includes 24/7 Predictive Agents, secure Data Vaults for user information, and a native $OZ token for accessing features, staking, and rewards. A recent partnership with AImstrong aims to enhance DeFi performance through predictive yield strategies and risk management. As Ozak AI transitions from presale to public trading, its current pricing represents a notable gap compared to its anticipated market potential, positioning it as a highly watched new AI token.

TheNewsCrypto1h ago

From Presale to Public Markets, Ozak AI’s Pricing Gap Represents a 100x Upside Rarely Seen in New AI Tokens

TheNewsCrypto1h ago

The AI Agent Era Accelerates Its Arrival: Questflow Defines a New Paradigm of Financial Intelligence with On-Chain AI Brokerage

The AI Agent era is accelerating, with the CB Insights AI 100 list highlighting global investment confidence. The focus has shifted from whether AI works to its speed of deployment and ability to manage complex workflows, with autonomous AI Agents driving this transformation. At the forefront is Questflow, a Singapore-based startup redefining financial intelligence through its on-chain AI brokerage. Unlike tools that merely provide data dashboards, Questflow deploys AI Agents that proactively scan markets, form judgments, and execute trades via a conversational interface—operating 24/7 without requiring manual confirmation for each decision. This embodies the new AI paradigm of agents capable of executing multi-step workflows autonomously. Questflow's mission is to democratize institutional-grade trading intelligence. Historically reserved for the ultra-wealthy, this capability is now accessible starting from just $1 through Questflow's "AI Clone + Copy Trade" model. The platform charges only a 1% execution fee, aligning its incentives directly with users and eliminating traditional management or performance fees. The timing is opportune, aligning with key trends identified by CB Insights: the scalable deployment of AI Agents, accelerated AI adoption in financial services, and the maturation of on-chain infrastructure. With robust liquidity on platforms like Hyperliquid and Polymarket, alongside advancements in AI reasoning and non-custodial wallet security, Questflow is positioned to merge the roles of broker, fund, and exchange into a single, accessible platform for millions.

链捕手1h ago

The AI Agent Era Accelerates Its Arrival: Questflow Defines a New Paradigm of Financial Intelligence with On-Chain AI Brokerage

链捕手1h ago

Trading

Spot
Futures
活动图片