Video game mods are spreading new ‘Stealka’ crypto infostealer: Kaspersky

cointelegraph · Published 2025-12-22 · Updated 2025-12-22

Summary

A new malware called "Stealka" is targeting cryptocurrency wallets and browser extensions by disguising itself as video game cheats, mods, and software cracks, according to Kaspersky. The infostealer, discovered in November, is distributed through legitimate platforms like GitHub and Google Sites, and sometimes via fake professional-looking websites. It primarily targets Chromium and Gecko-based browsers—including Chrome, Firefox, and Edge—and steals autofill data, login credentials, and payment details. It also specifically targets 115 browser extensions related to crypto wallets, 2FA services, and password managers, including Binance, MetaMask, Trust Wallet, and Coinbase. Kaspersky advises using reliable antivirus software, avoiding pirated software and unofficial mods, and refraining from storing passwords in browsers.

New malware has been discovered that targets crypto wallets and browser extensions while disguising itself as game cheats and mods, says cybersecurity firm Kaspersky.

Kaspersky reported on Thursday that it had uncovered a new infostealer dubbed “Stealka,” which targets Microsoft Windows user data.

Attackers have used the malware, which was discovered in November, to hijack accounts, steal cryptocurrency, and install crypto miners on their victims’ computers while masquerading as video game cracks, cheats, and mods.

The malicious software has been distributed through legitimate platforms like GitHub, SourceForge, and Google Sites, and disguised as game mods, especially for Roblox, and software cracks for applications such as Microsoft Visio.

Sometimes attackers go a step further, possibly using artificial intelligence tools to create entire fake websites that look “quite professional,” said Kaspersky researcher Artem Ushkov.

Figure: A fake website pretending to offer Roblox scripts. Source: Kaspersky

Crypto wallets and extensions targeted

Ushkov noted that Stealka has a fairly “extensive arsenal of capabilities,” but is particularly dangerous because its prime target is data from browsers built on the Chromium and Gecko engines.

This puts over 100 different browsers at risk, including popular ones such as Chrome, Firefox, Opera, Yandex, Edge, Brave, and many others.


Its primary targets are autofill data, such as sign-in credentials, addresses, and payment card details, but it also targets the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA (two-factor authentication) services.

Some of the 80 crypto wallets targeted include Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus, and Exodus.

Kaspersky also said that messaging apps, including Discord, Telegram, Unigram, Pidgin, and Tox, were at risk, as were email clients, password managers, gaming clients, and even VPN applications.

Avoid pirated software and game mods

To stay protected, Kaspersky recommended using reliable antivirus software, and using a password manager rather than storing passwords in the browser. It also cautioned against using pirated software and unofficial game mods.

Cloudflare reported last week that more than 5% of all emails sent worldwide contain malicious content, and more than half of those contained a phishing link, while a quarter of all HTML attachments were found to be malicious.


Related questions

Q: What is the name of the new infostealer malware discovered by Kaspersky, and what does it target?

A: The new infostealer is called “Stealka.” It primarily targets data from browsers built on the Chromium and Gecko engines, including autofill data (sign-in credentials, addresses, payment card details) and the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA services.

Q: How is the Stealka malware being distributed to potential victims?

A: The malware is distributed by disguising itself as video game cracks, cheats, and mods. It has been spread through legitimate platforms like GitHub, SourceForge, and Google Sites. Attackers sometimes create entire fake, professional-looking websites to host the malicious software.

Q: Which specific types of applications and services are at risk from the Stealka infostealer?

A: Over 100 different browsers (Chrome, Firefox, Opera, etc.), 80 crypto wallets (Binance, Coinbase, MetaMask, etc.), messaging apps (Discord, Telegram, etc.), email clients, password managers, gaming clients, and VPN applications are all at risk.

Q: What recommendations does Kaspersky provide to protect against this threat?

A: Kaspersky recommends using reliable antivirus software, using password managers instead of storing passwords in browsers, and avoiding the use of pirated software and unofficial game mods.

Q: Beyond game mods, what other type of software is commonly used as a disguise for this malware?

A: The malware is also disguised as software cracks for applications such as Microsoft Visio.
