Crypto Theft Hides In Plain Sight Inside Popular Game Mods—Kaspersky

bitcoinistPublicado em 2025-12-23Última atualização em 2025-12-23

Resumo

Kaspersky warns of a new infostealer malware called "Stealka" distributed through fake video game mods and cracked software, primarily targeting Windows users. Disguised as cheats or utility cracks for popular titles like Roblox or Microsoft Visio, the malware is hosted on platforms like GitHub and Google Sites to appear legitimate. Once executed, Stealka steals browser data, saved passwords, and cryptocurrency wallet information—targeting over 115 browser extensions including MetaMask, Binance Wallet, and Coinbase. It collects private keys, seed phrases, and autofill data, enabling account takeovers and further malicious spread. Detected initially in Russia, Turkey, Brazil, Germany, and India, the malware is sometimes bundled with cryptomining code. Users are advised to avoid unofficial software, use antivirus tools, enable two-factor authentication, and verify file checksums before installation.

Kaspersky has warned that a new infostealer called “Stealka” is being spread through bogus video game mods and cracked software, putting crypto users and gamers at risk.

The malware was identified in November 2025 and is delivered as what looks like harmless game add-ons or utility cracks. Systems running Windows are the main target.

Attackers Hide Malware In Mods

Reports have disclosed that Stealka is disguised as cheats, mods and cracks for popular titles, with fake packages posted to places users normally trust. Files have been seen on GitHub, SourceForge, Softpedia and Google Sites, which helps the downloads look legitimate.

In some cases, the malware was packaged as a Roblox mod or as a cracked copy of Microsoft Visio. According to Kaspersky, the campaign uses convincing websites and may employ automated tools to create professional pages that trick people into clicking download links.

Data And Wallets Targeted

Once run, Stealka searches for browser data, saved passwords and crypto wallet information. Based on reports, it targets more than 115 browser extensions tied to wallets, password managers and two-factor apps.

Extensions for MetaMask, Binance Wallet, Coinbase and other popular wallets are among those at risk. Private keys, seed phrases and wallet file paths can be exposed on an infected machine, and stored browser cards and autofill entries are also collected.

Total crypto market cap currently at $3.01 trillion. Chart: TradingView

Victims’ accounts can be taken over using the stolen credentials, and that access can then be used to push further malicious links to friends or followers.

How The Threat Spreads And Where It’s Seen

Kaspersky’s telemetry shows initial detections in Russia, with additional cases reported in Turkey, Brazil, Germany and India.

Distribution methods vary. Sometimes a single download bundle carries Stealka; other times it is paired with cryptominer code so infected computers also mine cryptocurrency for the attackers.

Files hosted on trusted developer portals make it harder for users to spot danger, and the malware’s wide reach means standard precautions can still be bypassed if users ignore basic safety steps.

Recommendations For Users

According to cybersecurity advisories, avoid unofficial or pirated software and only download mods from verified, trusted creators. Use a reputable antivirus product and keep it updated.

Password managers are recommended over saving credentials in browsers, and two-factor authentication should be enabled for crypto accounts when available.

Keep Windows and applications patched, and check that a downloaded file’s checksum or digital signature matches the developer’s published value before running installers.

Featured image from Kaspersky, chart from TradingView

Perguntas relacionadas

QWhat is the name of the new infostealer malware being spread through fake game mods and cracked software?

AThe new infostealer malware is called 'Stealka'.

QWhich operating systems are the primary target of the Stealka malware?

ASystems running Windows are the main target of the Stealka malware.

QWhat types of sensitive information does the Stealka malware steal from infected computers?

AStealka steals browser data, saved passwords, crypto wallet information, private keys, seed phrases, wallet file paths, stored browser cards, and autofill entries.

QName at least two trusted online platforms where the fake packages containing the malware were found.

AFake packages containing the malware were found on GitHub, SourceForge, Softpedia, and Google Sites.

QWhat are two key security recommendations provided to protect against this threat?

ATwo key recommendations are to avoid unofficial or pirated software and to use a reputable, updated antivirus product. Additionally, using password managers and enabling two-factor authentication for crypto accounts is advised.

Leituras Relacionadas

$500 to Buy OpenAI Stock: Silicon Valley's Most Respectable Liquidity Invitation

Silicon Valley's largest venture capital platform, AngelList, has launched a new fund called USVC, allowing U.S. retail investors to buy into high-profile AI companies like OpenAI, Anthropic, and xAI with a minimum investment of $500—no accredited investor status required. Promoted by AngelList co-founder Naval Ravikant, the fund is framed as an opportunity for ordinary people to access high-growth private tech investments traditionally reserved for VCs. However, critics argue it functions more like an exit vehicle for early insiders. USVC acquires shares not through primary rounds but largely via secondary transactions—purchasing stakes from early investors, VC funds, and employees looking to cash out at peak valuations. With companies like xAI heavily weighted in the portfolio, the fund effectively channels retail money into providing liquidity for insiders who entered at much lower valuations. The fund’s structure raises concerns: shares are illiquid, with no secondary market, and buybacks are limited and discretionary. The actual annual fee reaches 3.61%, far above the advertised 1% management fee. This model parallels the "low float, high fully diluted valuation" strategy seen in crypto, where early investors profit by selling to latecomers at inflated prices. The timing—alongside similar moves by platforms like Robinhood—suggests that Silicon Valley’s sudden interest in retail inclusion may be less about democratizing access and more about securing exits for insiders.

marsbitHá 31m

$500 to Buy OpenAI Stock: Silicon Valley's Most Respectable Liquidity Invitation

marsbitHá 31m

Bitcoin Approaches $80,000 Mark, ETF Funds Continue Inflow, Is the Crypto Market Shifting?

Bitcoin is approaching the $80,000 mark, reaching a new high since February, while Ethereum remains around $2,400 with some altcoins surging significantly. Over the past 24 hours, $462 million in futures contracts were liquidated, with shorts accounting for $353 million. The market fear and greed index has risen to 60, indicating neutral sentiment. Global risk assets continue to rebound, with U.S. stock markets hitting record highs. The S&P 500, Nasdaq, and Dow Jones all saw gains. Meanwhile, the U.S. dollar index remains stable around 98.61. Geopolitical developments, including a temporary extension of the U.S.-Iran ceasefire, have influenced market dynamics, though tensions persist. Bitcoin spot ETFs have seen six consecutive days of net inflows, with a peak single-day inflow of $663.91 million. Ethereum spot ETFs also recorded nine straight days of net inflows. Stablecoin market capitalization has risen to $320.6 billion, with a weekly net inflow of $635 million. Market analysts note that Bitcoin's recovery is supported by renewed spot demand and ETF inflows. However, high realized profits and low volatility suggest caution, with resistance expected near $80,000. Institutional and ETF-driven demand is strengthening market support, indicating a potential shift toward a new trading range with increased upward momentum.

marsbitHá 32m

Bitcoin Approaches $80,000 Mark, ETF Funds Continue Inflow, Is the Crypto Market Shifting?

marsbitHá 32m

Anthropic Survey of 80,000 Claude Users: Those Who Use AI to Improve Efficiency the Fastest Feel the Least Secure About the Future

Anthropic surveyed 81,000 Claude users and found a paradox: those who benefit most from AI efficiency gains—like programmers and designers—are also the most anxious about being replaced by AI. Early-career workers expressed greater job insecurity than senior professionals. High-wage and low-wage occupations reported the largest productivity improvements, often through task scope expansion. Nearly half of users cited expanded capabilities as the key benefit, while 40% highlighted increased speed. However, those experiencing the greatest speed boosts reported higher levels of anxiety about job displacement. The findings suggest that AI’s economic impact is already affecting the labor market psychologically, even as many individuals report personal gains from AI use.

marsbitHá 1h

Anthropic Survey of 80,000 Claude Users: Those Who Use AI to Improve Efficiency the Fastest Feel the Least Secure About the Future

marsbitHá 1h

US Military Confirms Running Bitcoin Node, Four-Star General Calls It a 'Power Projection Tool'

U.S. Indo-Pacific Command (INDOPACOM) Commander Admiral Samuel Paparo has confirmed that the military command is operating a Bitcoin network node and conducting cybersecurity tests using the protocol. In testimonies before the Senate and House Armed Services Committees, Paparo characterized Bitcoin not as a financial asset but as a "computer science tool" and a "tool of national power." He emphasized its value in cybersecurity, particularly the proof-of-work mechanism, which imposes physical costs on attackers and can be applied in both offensive and defensive cyber operations. This marks a significant shift in the Pentagon’s narrative, moving from targeting illicit finance to recognizing Bitcoin as a technology with national security implications. INDOPACOM is not mining Bitcoin but is using the node for monitoring and operational testing. The move signals the U.S. military’s direct participation in the Bitcoin network and reflects growing geopolitical interest in the protocol’s strategic potential.

marsbitHá 1h

US Military Confirms Running Bitcoin Node, Four-Star General Calls It a 'Power Projection Tool'

marsbitHá 1h

Contract Audit Passed, Thermometer Did Not: Polymarket's 'Physical Vulnerability' Moment

According to reports, an individual manipulated temperature sensors at Paris Charles de Gaulle Airport (LFPG) on April 6th and 15th, causing brief, anomalous spikes of over 3°C. These events were allegedly orchestrated to profit from corresponding low-probability bets on the prediction market Polymarket, turning a small investment into approximately $34,000. The French national meteorological service, Météo-France, filed a criminal lawsuit after discovering signs of physical tampering. The attack required minimal technical skill; the perpetrator reportedly used a battery-powered hairdryer to briefly heat the publicly accessible sensor. Polymarket’s market for Paris temperature settles based on the day's highest recorded temperature from a data chain that runs from the physical sensor to Météo-France, to Weather Underground, and finally to its smart contract. In response, Polymarket did not void the profits or make an official statement. It silently changed the data source for its Paris market from LFPG to Le Bourget Airport (LFPB), a location with similarly unprotected sensors. This incident highlights a critical vulnerability: while the smart contracts are audited and secure, the physical data sources feeding them remain exposed and easy to manipulate.

marsbitHá 1h

Contract Audit Passed, Thermometer Did Not: Polymarket's 'Physical Vulnerability' Moment

marsbitHá 1h

Trading

Spot
Futuros

Artigos em Destaque

Como comprar CFG

Bem-vindo à HTX.com!Tornámos a compra de Centrifuge (CFG) simples e conveniente.Segue o nosso guia passo a passo para iniciar a tua jornada no mundo das criptos.Passo 1: cria a tua conta HTXUtiliza o teu e-mail ou número de telefone para te inscreveres numa conta gratuita na HTX.Desfruta de um processo de inscrição sem complicações e desbloqueia todas as funcionalidades.Obter a minha contaPasso 2: vai para Comprar Cripto e escolhe o teu método de pagamentoCartão de crédito/débito: usa o teu visa ou mastercard para comprar Centrifuge (CFG) instantaneamente.Saldo: usa os fundos da tua conta HTX para transacionar sem problemas.Terceiros: adicionamos métodos de pagamento populares, como Google Pay e Apple Pay, para aumentar a conveniência.P2P: transaciona diretamente com outros utilizadores na HTX.Mercado de balcão (OTC): oferecemos serviços personalizados e taxas de câmbio competitivas para os traders.Passo 3: armazena teu Centrifuge (CFG)Depois de comprar o teu Centrifuge (CFG), armazena-o na tua conta HTX.Alternativamente, podes enviá-lo para outro lugar através de transferência blockchain ou usá-lo para transacionar outras criptomoedas.Passo 4: transaciona Centrifuge (CFG)Transaciona facilmente Centrifuge (CFG) no mercado à vista da HTX.Acede simplesmente à tua conta, seleciona o teu par de trading, executa as tuas transações e monitoriza em tempo real.Oferecemos uma experiência de fácil utilização tanto para principiantes como para traders experientes.

204 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.03.19

Como comprar CFG

O que é WL

I. Introdução ao ProjetoWorldLand é uma L2 ou side chain do Ethereum, concebida como uma solução de baixo para cima para melhorar o ecossistema Ethereum.II. Informação sobre o Token1) Informação BásicaNome do token: WL (WorldLand)III. Links RelacionadosWebsite:https://worldland.foundation/Exploradores:https://bscscan.com/address/0x8aaB31fbc69C92fa53f600910Cf0f215531F8239Redes Sociais:https://x.com/WorldLand_space Nota: A introdução ao projeto provém dos materiais publicados ou fornecidos pela equipa oficial do projeto, que é apenas para referência e não constitui aconselhamento de investimento. A HTX não se responsabiliza por quaisquer perdas diretas ou indiretas resultantes.

173 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.03.28

O que é WL

Como comprar WL

Bem-vindo à HTX.com!Tornámos a compra de WorldLand (WL) simples e conveniente.Segue o nosso guia passo a passo para iniciar a tua jornada no mundo das criptos.Passo 1: cria a tua conta HTXUtiliza o teu e-mail ou número de telefone para te inscreveres numa conta gratuita na HTX.Desfruta de um processo de inscrição sem complicações e desbloqueia todas as funcionalidades.Obter a minha contaPasso 2: vai para Comprar Cripto e escolhe o teu método de pagamentoCartão de crédito/débito: usa o teu visa ou mastercard para comprar WorldLand (WL) instantaneamente.Saldo: usa os fundos da tua conta HTX para transacionar sem problemas.Terceiros: adicionamos métodos de pagamento populares, como Google Pay e Apple Pay, para aumentar a conveniência.P2P: transaciona diretamente com outros utilizadores na HTX.Mercado de balcão (OTC): oferecemos serviços personalizados e taxas de câmbio competitivas para os traders.Passo 3: armazena teu WorldLand (WL)Depois de comprar o teu WorldLand (WL), armazena-o na tua conta HTX.Alternativamente, podes enviá-lo para outro lugar através de transferência blockchain ou usá-lo para transacionar outras criptomoedas.Passo 4: transaciona WorldLand (WL)Transaciona facilmente WorldLand (WL) no mercado à vista da HTX.Acede simplesmente à tua conta, seleciona o teu par de trading, executa as tuas transações e monitoriza em tempo real.Oferecemos uma experiência de fácil utilização tanto para principiantes como para traders experientes.

235 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.03.28

Como comprar WL

Discussões

Bem-vindo à Comunidade HTX. Aqui, pode manter-se informado sobre os mais recentes desenvolvimentos da plataforma e obter acesso a análises profissionais de mercado. As opiniões dos utilizadores sobre o preço de A (A) são apresentadas abaixo.

活动图片

Categorias popularesright-arrow

Etiquetas Popularesright-arrow