Video game mods are spreading new ‘Stealka’ crypto infostealer: Kaspersky

cointelegraph | Published 2025-12-22 | Last updated 2025-12-22

Introduction

A new malware called "Stealka" is targeting cryptocurrency wallets and browser extensions by disguising itself as video game cheats, mods, and software cracks, according to Kaspersky. The infostealer, discovered in November, is distributed through legitimate platforms like GitHub and Google Sites, and sometimes via fake professional-looking websites. It primarily targets Chromium and Gecko-based browsers—including Chrome, Firefox, and Edge—and steals autofill data, login credentials, and payment details. It also specifically targets 115 browser extensions related to crypto wallets, 2FA services, and password managers, including Binance, MetaMask, Trust Wallet, and Coinbase. Kaspersky advises using reliable antivirus software, avoiding pirated software and unofficial mods, and refraining from storing passwords in browsers.

New malware has been discovered that targets crypto wallets and browser extensions while disguising itself as game cheats and mods, says cybersecurity firm Kaspersky.

Kaspersky reported on Thursday that it had uncovered a new infostealer dubbed “Stealka,” which targets Microsoft Windows user data.

Attackers have used the malware, which was discovered in November, to hijack accounts, steal cryptocurrency, and install crypto miners on their victims’ computers while masquerading as video game cracks, cheats, and mods.

The malicious software has been distributed through legitimate platforms like GitHub, SourceForge, and Google Sites, and disguised as game mods, especially for Roblox, and software cracks for applications such as Microsoft Visio.

Sometimes attackers go a step further, possibly using artificial intelligence tools, and create entire fake websites that look “quite professional,” said Kaspersky researcher Artem Ushkov.

A fake website pretending to offer Roblox scripts. Source: Kaspersky

Crypto wallets and extensions targeted

Ushkov noted that Stealka has a fairly “extensive arsenal of capabilities,” but is particularly dangerous because its prime target is data from browsers built on the Chromium and Gecko engines.

This puts over 100 different browsers at risk, including popular ones such as Chrome, Firefox, Opera, Yandex, Edge, Brave, and many others.

Its primary targets are autofill data, such as sign-in credentials, addresses, and payment card details, but it also targets the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA (two-factor authentication) services.

Some of the 80 crypto wallets targeted include Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus, and Exodus.

Kaspersky also said that messaging apps, including Discord, Telegram, Unigram, Pidgin, and Tox, were at risk, as were email clients, password managers, gaming clients, and even VPN applications.

Avoid pirated software and game mods

To stay protected, Kaspersky recommended using reliable antivirus software and password managers to avoid storing passwords in browsers. It also cautioned against using pirated software and unofficial game mods.

Cloudflare reported last week that more than 5% of all emails sent worldwide contain malicious content, and more than half of those contained a phishing link, while a quarter of all HTML attachments were found to be malicious.

Related questions

Q: What is the name of the new infostealer malware discovered by Kaspersky and what does it target?

A: The new infostealer is called 'Stealka'. It primarily targets data from browsers built on Chromium and Gecko engines, including autofill data (sign-in credentials, addresses, payment card details), and the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA services.

Q: How is the Stealka malware being distributed to potential victims?

A: The malware is distributed by disguising itself as video game cracks, cheats, and mods. It has been spread through legitimate platforms like GitHub, SourceForge, and Google Sites. Attackers sometimes create entire fake, professional-looking websites to host the malicious software.

Q: Which specific types of applications and services are at risk from the Stealka infostealer?

A: Over 100 different browsers (Chrome, Firefox, Opera, etc.), 80 crypto wallets (Binance, Coinbase, MetaMask, etc.), messaging apps (Discord, Telegram, etc.), email clients, password managers, gaming clients, and VPN applications are all at risk.

Q: What recommendations does Kaspersky provide to protect against this threat?

A: Kaspersky recommends using reliable antivirus software, using password managers instead of storing passwords in browsers, and avoiding the use of pirated software and unofficial game mods.

Q: Beyond game mods, what other type of software is commonly used as a disguise for this malware?

A: The malware is also disguised as software cracks for applications such as Microsoft Visio.
