Crypto Theft Hides In Plain Sight Inside Popular Game Mods—Kaspersky

bitcoinistPublicado a 2025-12-23Actualizado a 2025-12-23

Resumen

Kaspersky warns of a new infostealer malware called "Stealka" distributed through fake video game mods and cracked software, primarily targeting Windows users. Disguised as cheats or utility cracks for popular titles like Roblox or Microsoft Visio, the malware is hosted on platforms like GitHub and Google Sites to appear legitimate. Once executed, Stealka steals browser data, saved passwords, and cryptocurrency wallet information—targeting over 115 browser extensions including MetaMask, Binance Wallet, and Coinbase. It collects private keys, seed phrases, and autofill data, enabling account takeovers and further malicious spread. Detected initially in Russia, Turkey, Brazil, Germany, and India, the malware is sometimes bundled with cryptomining code. Users are advised to avoid unofficial software, use antivirus tools, enable two-factor authentication, and verify file checksums before installation.

Kaspersky has warned that a new infostealer called “Stealka” is being spread through bogus video game mods and cracked software, putting crypto users and gamers at risk.

The malware was identified in November 2025 and is delivered as what looks like harmless game add-ons or utility cracks. Systems running Windows are the main target.

Attackers Hide Malware In Mods

Reports have disclosed that Stealka is disguised as cheats, mods and cracks for popular titles, with fake packages posted to places users normally trust. Files have been seen on GitHub, SourceForge, Softpedia and Google Sites, which helps the downloads look legitimate.

In some cases, the malware was packaged as a Roblox mod or as a cracked copy of Microsoft Visio. According to Kaspersky, the campaign uses convincing websites and may employ automated tools to create professional pages that trick people into clicking download links.

Data And Wallets Targeted

Once run, Stealka searches for browser data, saved passwords and crypto wallet information. Based on reports, it targets more than 115 browser extensions tied to wallets, password managers and two-factor apps.

Extensions for MetaMask, Binance Wallet, Coinbase and other popular wallets are among those at risk. Private keys, seed phrases and wallet file paths can be exposed on an infected machine, and stored browser cards and autofill entries are also collected.

Total crypto market cap currently at $3.01 trillion. Chart: TradingView

Victims’ accounts can be taken over using the stolen credentials, and that access can then be used to push further malicious links to friends or followers.

How The Threat Spreads And Where It’s Seen

Kaspersky’s telemetry shows initial detections in Russia, with additional cases reported in Turkey, Brazil, Germany and India.

Distribution methods vary. Sometimes a single download bundle carries Stealka; other times it is paired with cryptominer code so infected computers also mine cryptocurrency for the attackers.

Files hosted on trusted developer portals make it harder for users to spot danger, and the malware’s wide reach means standard precautions can still be bypassed if users ignore basic safety steps.

Recommendations For Users

According to cybersecurity advisories, avoid unofficial or pirated software and only download mods from verified, trusted creators. Use a reputable antivirus product and keep it updated.

Password managers are recommended over saving credentials in browsers, and two-factor authentication should be enabled for crypto accounts when available.

Keep Windows and applications patched, and check that a downloaded file’s checksum or digital signature matches the developer’s published value before running installers.

Featured image from Kaspersky, chart from TradingView

Preguntas relacionadas

QWhat is the name of the new infostealer malware being spread through fake game mods and cracked software?

AThe new infostealer malware is called 'Stealka'.

QWhich operating systems are the primary target of the Stealka malware?

ASystems running Windows are the main target of the Stealka malware.

QWhat types of sensitive information does the Stealka malware steal from infected computers?

AStealka steals browser data, saved passwords, crypto wallet information, private keys, seed phrases, wallet file paths, stored browser cards, and autofill entries.

QName at least two trusted online platforms where the fake packages containing the malware were found.

AFake packages containing the malware were found on GitHub, SourceForge, Softpedia, and Google Sites.

QWhat are two key security recommendations provided to protect against this threat?

ATwo key recommendations are to avoid unofficial or pirated software and to use a reputable, updated antivirus product. Additionally, using password managers and enabling two-factor authentication for crypto accounts is advised.

Lecturas Relacionadas

L1 is Dead, Long Live Appchain

"L1 is Dead, Appchain Rises" critiques the failure of current Layer-1 (L1) blockchain models, arguing their tokens are trending toward zero. The author identifies key flaws: linear token emissions that incentivize selling rather than value creation, weak value propositions like "gas token" and "governance" narratives, mismanagement by bloated "foundations" or "labs" that drain value through excessive spending and token sales, and poor industry leadership focused on short-term narratives and overhyped trends like RaaS and high TPS. The solution proposed is a fundamental shift. New L1 token models are needed, moving away from the "low float, high FDV" paradigm that disadvantages retail investors. Fundraising should be sufficient only for launch, not excessive. Token unlocks should be tied to real milestones like CEX listings or DeFi integration. The ultimate goal should be for L1 tokens to become widely used mediums of exchange, not just fuel for networks. Value is increasingly moving to the application layer, with successful apps building their own chains (appchains). The author concludes that L1s must build sustainable value by creating useful applications and services, fostering strong holder communities, and achieving self-sustainability without relying on continuous token emissions.

marsbitHace 53 min(s)

marsbitHace 53 min(s)

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

An open-source AI security tool flagged critical risks in Kelp DAO’s cross-chain architecture 12 days before a $292 million exploit on April 18, 2026—the largest DeFi incident of the year. The vulnerability was not in the smart contracts but in the configuration of LayerZero’s cross-chain bridge: a 1-of-1 Decentralized Verifier Network (DVN) setup allowed an attacker to forge cross-chain messages with a single compromised node. The tool, which performs AI-assisted architectural risk assessments using public data, identified several unremediated risks, including opaque DVN configuration, single-point-of-failure across 16 chains, unverified cross-chain governance controls, and similarities to historical bridge attacks like Ronin and Harmony. It also noted the absence of an insurance pool, which amplified losses as Aave and other protocols absorbed nearly $300M in bad debt. The attack unfolded over 46 minutes: the attacker minted 116,500 rsETH on Ethereum via a fraudulent message, used it as collateral to borrow WETH on lending platforms, and laundered funds through Tornado Cash. While an emergency pause prevented two subsequent attacks worth ~$200M, the damage was severe. The tool’s report, committed to GitHub on April 6, scored Kelp DAO a medium-risk 72/100—later acknowledged as too lenient. It failed to query on-chain DVN configurations or initiate private disclosure, highlighting gaps in current DeFi security approaches that focus on code audits but miss config-level and governance risks. The incident underscores the need for independent, AI-powered risk assessment tools that evaluate protocol architecture, not just code.

marsbitHace 1 hora(s)

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

marsbitHace 1 hora(s)

Figma's Stock Drops Over 7%, Is Claude Design the One to End It All?

Figma's stock fell over 7% following Anthropic's announcement of Claude Design, an experimental AI-powered design tool. Driven by the Opus 4.7 model, Claude Design generates prototypes, slides, and visual content, directly challenging Figma and Canva. A key feature is its seamless handoff capability to Claude Code, enabling a closed loop from design to development. The tool automatically reads existing code and design files to create tailored design systems, though early users report high token usage and bugs. The release follows a series of strategic moves by Anthropic, including limited releases of advanced models and high-level regulatory meetings. With a rumored $800 billion valuation and potential IPO by October, Anthropic is shifting from selling AI models to building end-user products, positioning itself as a competitor rather than just a partner to its API users. While Claude Design is not yet a full replacement for professional tools, it threatens to redefine Figma’s user base by enabling rapid prototyping for non-designers and small teams.

marsbitHace 1 hora(s)

Figma's Stock Drops Over 7%, Is Claude Design the One to End It All?

marsbitHace 1 hora(s)

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

Last week (April 13-19) saw 15 blockchain funding rounds totaling over $165 million. Key deals include Paxos Labs raising $12 million led by Blockchain Capital to build DeFi infrastructure for stablecoin issuance and lending. In AI+Web3, OpenGradient secured $9.5 million for its verifiable AI compute network. DeFi highlights include Brix's $5.5 million raise for emerging market asset tokenization and Votre's $3.75 million seed round for its on-chain crypto lending platform. In centralized finance, digital banking platform Slash closed a $100 million Series C. Prediction market platform Pumpcade raised $5 million, backed by Jump Crypto. Additionally, DePIN project SHARE completed a seed round led by Greenfield Capital.

marsbitHace 1 hora(s)

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

marsbitHace 1 hora(s)

USDD In-Depth Research Report

USDD is a decentralized overcollateralized stablecoin pegged 1:1 to the U.S. dollar.

HTX NewsHace 1 hora(s)

HTX NewsHace 1 hora(s)

Trading

Spot

Futuros

Artículos destacados

Cómo comprar FRAX

¡Bienvenido a HTX.com! Hemos hecho que comprar FRAX (FRAX) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar FRAX (FRAX) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu FRAX (FRAX)Después de comprar tu FRAX (FRAX), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear FRAX (FRAX)Tradear fácilmente con FRAX (FRAX) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

618 Vistas totalesPublicado en 2026.03.03Actualizado en 2026.03.03

Qué es MANTRA

I. Introducción al ProyectoMANTRA es una Blockchain de Capa 1 centrada en la Seguridad, capaz de adherirse y hacer cumplir los requisitos regulatorios del mundo real. Construida para Instituciones y Desarrolladores, MANTRA ofrece una Blockchain sin permisos para aplicaciones con permisos.Características Clave: * Construida utilizando Cosmos SDK, compatible con IBC, con soporte para CosmWasm * Asegurada a través de un conjunto de validadores PoS soberanos * Escalable hasta 10k TPS * Módulos, SDKs y APIs integrados para crear, comerciar y gestionar RWAs que cumplan con la regulación * Experiencia de Usuario Mejorada para integrar a usuarios e instituciones no nativas en Web3.1) Información BásicaNombre: MANTRA (OM)III. Enlaces RelacionadosDocumento Técnico:https://docs.mantrachain.io/Sitio web oficial：https://www.mantrachain.io/Exploradores：https://mintscan.io/mantraRedes Sociales:https://x.com/MANTRA_ChainNota: La introducción al proyecto proviene de los materiales publicados o proporcionados por el equipo oficial del proyecto, que es solo para referencia y no constituye asesoramiento de inversión. HTX no se hace responsable de ninguna pérdida directa o indirecta resultante.

502 Vistas totalesPublicado en 2026.03.04Actualizado en 2026.03.04

Cómo comprar MANTRA

¡Bienvenido a HTX.com! Hemos hecho que comprar Mantra (MANTRA) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Mantra (MANTRA) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Mantra (MANTRA)Después de comprar tu Mantra (MANTRA), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Mantra (MANTRA)Tradear fácilmente con Mantra (MANTRA) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

230 Vistas totalesPublicado en 2026.03.04Actualizado en 2026.03.04

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de A (A).