Crypto Theft Hides In Plain Sight Inside Popular Game Mods—Kaspersky

bitcoinistPublicado a 2025-12-23Actualizado a 2025-12-23

Resumen

Kaspersky warns of a new infostealer malware called "Stealka" distributed through fake video game mods and cracked software, primarily targeting Windows users. Disguised as cheats or utility cracks for popular titles like Roblox or Microsoft Visio, the malware is hosted on platforms like GitHub and Google Sites to appear legitimate. Once executed, Stealka steals browser data, saved passwords, and cryptocurrency wallet information—targeting over 115 browser extensions including MetaMask, Binance Wallet, and Coinbase. It collects private keys, seed phrases, and autofill data, enabling account takeovers and further malicious spread. Detected initially in Russia, Turkey, Brazil, Germany, and India, the malware is sometimes bundled with cryptomining code. Users are advised to avoid unofficial software, use antivirus tools, enable two-factor authentication, and verify file checksums before installation.

Kaspersky has warned that a new infostealer called “Stealka” is being spread through bogus video game mods and cracked software, putting crypto users and gamers at risk.

The malware was identified in November 2025 and is delivered as what looks like harmless game add-ons or utility cracks. Systems running Windows are the main target.

Attackers Hide Malware In Mods

Reports have disclosed that Stealka is disguised as cheats, mods and cracks for popular titles, with fake packages posted to places users normally trust. Files have been seen on GitHub, SourceForge, Softpedia and Google Sites, which helps the downloads look legitimate.

In some cases, the malware was packaged as a Roblox mod or as a cracked copy of Microsoft Visio. According to Kaspersky, the campaign uses convincing websites and may employ automated tools to create professional pages that trick people into clicking download links.

Data And Wallets Targeted

Once run, Stealka searches for browser data, saved passwords and crypto wallet information. Based on reports, it targets more than 115 browser extensions tied to wallets, password managers and two-factor apps.

Extensions for MetaMask, Binance Wallet, Coinbase and other popular wallets are among those at risk. Private keys, seed phrases and wallet file paths can be exposed on an infected machine, and stored browser cards and autofill entries are also collected.

Total crypto market cap currently at $3.01 trillion. Chart: TradingView

Victims’ accounts can be taken over using the stolen credentials, and that access can then be used to push further malicious links to friends or followers.

How The Threat Spreads And Where It’s Seen

Kaspersky’s telemetry shows initial detections in Russia, with additional cases reported in Turkey, Brazil, Germany and India.

Distribution methods vary. Sometimes a single download bundle carries Stealka; other times it is paired with cryptominer code so infected computers also mine cryptocurrency for the attackers.

Files hosted on trusted developer portals make it harder for users to spot danger, and the malware’s wide reach means standard precautions can still be bypassed if users ignore basic safety steps.

Recommendations For Users

According to cybersecurity advisories, avoid unofficial or pirated software and only download mods from verified, trusted creators. Use a reputable antivirus product and keep it updated.

Password managers are recommended over saving credentials in browsers, and two-factor authentication should be enabled for crypto accounts when available.

Keep Windows and applications patched, and check that a downloaded file’s checksum or digital signature matches the developer’s published value before running installers.

Featured image from Kaspersky, chart from TradingView

Preguntas relacionadas

QWhat is the name of the new infostealer malware being spread through fake game mods and cracked software?

AThe new infostealer malware is called 'Stealka'.

QWhich operating systems are the primary target of the Stealka malware?

ASystems running Windows are the main target of the Stealka malware.

QWhat types of sensitive information does the Stealka malware steal from infected computers?

AStealka steals browser data, saved passwords, crypto wallet information, private keys, seed phrases, wallet file paths, stored browser cards, and autofill entries.

QName at least two trusted online platforms where the fake packages containing the malware were found.

AFake packages containing the malware were found on GitHub, SourceForge, Softpedia, and Google Sites.

QWhat are two key security recommendations provided to protect against this threat?

ATwo key recommendations are to avoid unofficial or pirated software and to use a reputable, updated antivirus product. Additionally, using password managers and enabling two-factor authentication for crypto accounts is advised.

Lecturas Relacionadas

Which Companies Has NVIDIA's "Three-Track Investment Architecture" Invested In?

NVIDIA's investment strategy operates through a "three-track architecture," not just its NVentures venture arm. Corporate Development handles massive strategic bets (e.g., $30B in OpenAI, $10B in Anthropic, $20B in Synopsys). NVentures, a small team, focuses on early-stage, financial investments across sectors like quantum computing (Alice & Bob, PsiQuantum), AI infrastructure (OpenRouter, Tensormesh), and biotech. The NVIDIA Inception accelerator provides non-monetary support. This system allows NVIDIA to nurture startups and lock in strategic partners, creating a vast AI ecosystem. This aggressive capital deployment has drawn scrutiny. Critics like Michael Burry and EU regulators question potential "circular financing," where NVIDIA's equity investments in companies (e.g., CoreWeave, OpenAI) facilitate those companies' purchases of NVIDIA hardware, potentially inflating revenue. Supporters view it as a necessary "virtuous cycle" to secure supply and demand in a compute-scarce market. While NVentures' smaller deals appear like traditional VC, its role within the larger, controversial investment framework remains a point of debate.

marsbitHace 29 min(s)

Which Companies Has NVIDIA's "Three-Track Investment Architecture" Invested In?

marsbitHace 29 min(s)

Ten-Thousand-Word Analysis: From $10 to $290, MRVL Wins the Entire AI Era by 'Not Making GPUs'

Marvell Technology's stock price surged from under $10 in 2016 to a record $290 in June 2026, fueled not by making GPUs, but by dominating AI infrastructure connectivity. This analysis argues the market misvalues MRVL as merely a smaller Broadcom in custom AI chips, overlooking its true, unique position. Marvell's core strength lies in enabling high-speed data flow for AI clusters through three interconnected businesses. First, it holds a commanding ~70% market share in high-speed optical DSPs (essential for data center light modules), a deep-moat business with accelerating growth. Second, its custom AI chip design business serves hyperscalers like AWS, Microsoft, and Google, with a significant revenue pipeline despite lower margins. Third, stable cash flows come from Ethernet switch chips and enterprise storage controllers. Together, they form a full-stack "AI data movement" platform. CEO Matt Murphy's transformative leadership since 2016, involving strategic divestments, key acquisitions (like Inphi for optical DSPs), and securing long-term agreements with major cloud providers, repositioned the company. A pivotal $2 billion strategic investment from NVIDIA in 2026 underscored Marvell's critical role in the AI ecosystem, particularly through collaborations like NVLink Fusion. While Marvell faces risks—including client concentration (losing the Amazon Trainium3 design), lower-margin business mix, competitive threats, insider selling, and complex supply chains—its fundamentals remain strong. The optical interconnect moat is widening with the acquisition of Celestial AI (photonics fabric), and financial metrics show accelerating revenue growth and operating leverage. With a PEG ratio suggesting undervaluation relative to its growth, the thesis is that the market undervalues Marvell's monopolistic position in AI "plumbing" while overemphasizing its competitive custom chip segment. The story transcends investing, symbolizing how in any complex system—from the internet to AI—the value of "connection" ultimately surpasses that of individual "nodes."

marsbitHace 30 min(s)

Ten-Thousand-Word Analysis: From $10 to $290, MRVL Wins the Entire AI Era by 'Not Making GPUs'

marsbitHace 30 min(s)

AI Relay Stations Spark Heated Debate on Zhihu: Behind Cheap Tokens, What Are Users Really Worried About?

A discussion on Zhihu about "AI relay stations" shifted the niche developer topic of "cheap tokens" into broader user awareness. Users moved beyond simply questioning the legitimacy of these services to focus on practical concerns: Where do cheap tokens truly come from? Is the model being accessed the real one? Can relay stations see prompts, code, and API keys? For occasional users, are the risks worth it? The core debate centered less on price and more on trust. A primary worry is model authenticity—the risk of "model swapping," where users paying for a premium model might be routed to a cheaper one, creating an information asymmetry. Others argued that cost comparisons matter; while cheaper than official pay-as-you-go APIs, relay stations may not be the lowest-cost option versus subscriptions, domestic models, or free tiers, making user needs assessment crucial. Speculation about token sources ranged from legitimate bulk discounts to gray-area methods like account sharing or exploiting regional pricing. This opacity makes risk assessment difficult for users. Data security emerged as a critical concern, especially for enterprise use. When processing sensitive information like code, contracts, or client data, the inability to verify a relay station's data handling, retention, or access policies poses significant compliance and confidentiality risks. The evolving consensus suggests relay stations can be used cautiously for low-sensitivity, disposable tasks (e.g., summarizing public info, simple translation). However, they should not be the default for sensitive, professional, or production workflows involving proprietary data, Agents, or automated systems. Recommendations include avoiding large prepayments, not relying on a single service, using test prompts to monitor quality, anonymizing data where possible, and keeping official channels as backups. Ultimately, the discussion framed tokens not just as a billing unit but as a measure of real cost encompassing price, model integrity, data security, and service stability. The popularity of relay stations highlights user demand for affordable access, but the debate underscores a key trade-off: the savings from cheap tokens may come at the price of trust, transparency, and control over one's data and AI experience.

marsbitHace 1 hora(s)

AI Relay Stations Spark Heated Debate on Zhihu: Behind Cheap Tokens, What Are Users Really Worried About?

marsbitHace 1 hora(s)

In-Depth Research Report on TradFi: The Convergence Wave of Crypto and Traditional Finance

In 2026, the crypto industry is undergoing a profound infrastructure-level transformation—TradFi assets are migrating on-chain at an unprecedented pace. According to CoinGecko's Q1 2026 report, the total value locked (TVL) of tokenized real-world assets (RWA) has surpassed $31 billion, a nearly 4x increase from $7.8 billion at the beginning of 2025, with the sector’s aggregate market capitalization reaching $19.3 billion. Among these, the market cap of tokenized stocks surged from $2 million to $486 million, with Q1 spot trading volume reaching $15.1 billion—a single quarter already surpassing the entire second half of 2025. RWA perpetual contract Q1 trading volume reached a staggering $524.8 billion, far exceeding the $313 billion for all of 2025. Meanwhile, BlackRock's BUIDL fund has reached $2.3 billion in scale and has filed for two new tokenized funds, signaling that the world's largest asset manager's tokenization strategy is evolving from pilot to product suite expansion. HTX, as a core participant in the crypto exchange sector, officially launched TradFi perpetual futures products including NVDA, AAPL, MSFT, META, and SPY in 2026, enabling crypto users to gain 24/7 trading access to core U.S. equities. Boston Consulting Group predicts that global tokenized asset scale could reach $16 trillion by 2030, while McKinsey offers a conservative estimate of approximately $2 trillion. The on-chain migration of TradFi assets is no longer a "future narrative" but a structural transformation unfolding in real time, as crypto exchanges evolve from single crypto asset trading platforms toward "multi-asset-class trading infrastructure."

HTX LearnHace 1 hora(s)

In-Depth Research Report on TradFi: The Convergence Wave of Crypto and Traditional Finance

HTX LearnHace 1 hora(s)

Blockchain Association Urges Senate To Pass CLARITY Act With Letter Backed By 160 Ex-Officials

The Blockchain Association, along with 160 former national security and law enforcement officials, has urged Senate leaders to pass the CLARITY Act. They argue that without clear federal regulation, crypto activity will move to opaque offshore markets, hindering U.S. efforts to combat financial crime. The letter highlights that the Act would strengthen law enforcement by expanding anti-money laundering and sanctions requirements under the Bank Secrecy Act, improving information sharing between agencies like the Treasury, DOJ, and FBI, and enhancing oversight of digital asset kiosks with measures like transaction monitoring and fraud prevention. The Association emphasizes these are enforcement enhancements, not deregulation. Momentum for the bill is building, with a Senate vote expected this summer, though it would still need reconciliation with a previously passed House version.

bitcoinistHace 1 hora(s)

Blockchain Association Urges Senate To Pass CLARITY Act With Letter Backed By 160 Ex-Officials

bitcoinistHace 1 hora(s)

Trading

Spot

Futuros

Artículos destacados

Cómo comprar BILL

¡Bienvenido a HTX.com! Hemos hecho que comprar Billions Network (BILL) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Billions Network (BILL) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Billions Network (BILL)Después de comprar tu Billions Network (BILL), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Billions Network (BILL)Tradear fácilmente con Billions Network (BILL) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

211 Vistas totalesPublicado en 2026.05.07Actualizado en 2026.06.02

Qué es ATWO

I. Introducción al ProyectoArena Two es una plataforma interactiva descentralizada que permite a los fanáticos jugar un papel activo y tokenizado en los resultados de eventos en tiempo real. A diferencia de los modelos de transmisión tradicionales que reducen a los fanáticos a espectadores pasivos, Arena Two aprovecha la tecnología blockchain para permitir que los fanáticos voten directamente en tiempo real e influyan en los resultados en el campo.II. Información del TokenNombre del token: ATWO (Arena Two)III. Enlaces RelacionadosSitio web: https://arenatwo.com/Exploradores: https://basescan.org/token/0x499D35eBE6cEe9B2Ac35Fd003fcBbeeB9CFc7B32Twitter: https://x.com/arenatwoXNota: La introducción del proyecto proviene de los materiales publicados o proporcionados por el equipo oficial del proyecto, que es solo para referencia y no constituye asesoramiento de inversión. HTX no se hace responsable de ninguna pérdida directa o indirecta resultante.

136 Vistas totalesPublicado en 2026.05.18Actualizado en 2026.06.02

Cómo comprar ATWO

¡Bienvenido a HTX.com! Hemos hecho que comprar Arena Two (ATWO) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Arena Two (ATWO) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Arena Two (ATWO)Después de comprar tu Arena Two (ATWO), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Arena Two (ATWO)Tradear fácilmente con Arena Two (ATWO) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

152 Vistas totalesPublicado en 2026.05.18Actualizado en 2026.06.02

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de A (A).