Video game mods are spreading new ‘Stealka’ crypto infostealer: Kaspersky

cointelegraphPublicado em 2025-12-22Última atualização em 2025-12-22

Resumo

A new malware called "Stealka" is targeting cryptocurrency wallets and browser extensions by disguising itself as video game cheats, mods, and software cracks, according to Kaspersky. The infostealer, discovered in November, is distributed through legitimate platforms like GitHub and Google Sites, and sometimes via fake professional-looking websites. It primarily targets Chromium and Gecko-based browsers—including Chrome, Firefox, and Edge—and steals autofill data, login credentials, and payment details. It also specifically targets 115 browser extensions related to crypto wallets, 2FA services, and password managers, including Binance, MetaMask, Trust Wallet, and Coinbase. Kaspersky advises using reliable antivirus software, avoiding pirated software and unofficial mods, and refraining from storing passwords in browsers.

New malware has been discovered that targets crypto wallets and browser extensions while disguising itself as game cheats and mods, says cybersecurity firm Kaspersky.

Kaspersky reported on Thursday that it had uncovered a new infostealer dubbed “Stealka,” which targets Microsoft Windows user data.

Attackers have used the malware, which was discovered in November, to hijack accounts, steal cryptocurrency, and install crypto miners on their victims’ computers while masquerading as video game cracks, cheats, and mods.

The malicious software has been distributed through legitimate platforms like GitHub, SourceForge, and Google Sites, and disguised as game mods, especially for Roblox, and software cracks for applications such as Microsoft Visio.

Sometimes, attackers go a step further, possibly using artificial intelligence tools, and creating entire fake websites that look “quite professional,” said Kaspersky researcher Artem Ushkov.

A fake website pretending to offer Roblox scripts, Source: Kaspersky

Crypto wallets and extensions targeted

Ushkov noted that Stealka has a fairly “extensive arsenal of capabilities,” but is particularly dangerous because its prime target is data from browsers built on the Chromium and Gecko engines.

This puts over 100 different browsers at risk, including popular ones such as Chrome, Firefox, Opera, Yandex, Edge, Brave, and many others.

Related: Hackers are exploiting a JavaScript library to plant crypto drainers

Its primary targets are autofill data, such as sign-in credentials, addresses, and payment card details, but it also targets the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA (two-factor authentication) services.

Some of the 80 crypto wallets targeted include Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus, and Exodus.

Kaspersky also said the messaging apps, including Discord, Telegram, Unigram, Pidgin, and Tox, were also at risk, as were email clients, password managers, gaming clients, and even VPN applications.

Avoid pirated software and game mods

To stay protected, Kaspersky recommended using reliable antivirus software and password managers to avoid storing passwords in browsers. It also cautioned against using pirated software and unofficial game mods.

Cloudflare reported last week that more than 5% of all emails sent worldwide contain malicious content, and more than half of those contained a phishing link, while a quarter of all HTML attachments were found to be malicious.

Magazine: Big questions: Would Bitcoin survive a 10-year power outage?

Perguntas relacionadas

QWhat is the name of the new infostealer malware discovered by Kaspersky and what does it target?

AThe new infostealer is called 'Stealka'. It primarily targets data from browsers built on Chromium and Gecko engines, including autofill data (sign-in credentials, addresses, payment card details), and the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA services.

QHow is the Stealka malware being distributed to potential victims?

AThe malware is distributed by disguising itself as video game cracks, cheats, and mods. It has been spread through legitimate platforms like GitHub, SourceForge, and Google Sites. Attackers sometimes create entire fake, professional-looking websites to host the malicious software.

QWhich specific types of applications and services are at risk from the Stealka infostealer?

AOver 100 different browsers (Chrome, Firefox, Opera, etc.), 80 crypto wallets (Binance, Coinbase, MetaMask, etc.), messaging apps (Discord, Telegram, etc.), email clients, password managers, gaming clients, and VPN applications are all at risk.

QWhat recommendations does Kaspersky provide to protect against this threat?

AKaspersky recommends using reliable antivirus software, using password managers instead of storing passwords in browsers, and avoiding the use of pirated software and unofficial game mods.

QBeyond game mods, what other type of software is commonly used as a disguise for this malware?

AThe malware is also disguised as software cracks for applications such as Microsoft Visio.

Leituras Relacionadas

Splashing Out 27 Billion Yuan, OpenAI Establishes New Company to Accelerate AI Deployment

On May 11th, OpenAI announced the formation of a new company, "OpenAI Deployment Company," with an initial investment of over $4 billion (approximately 27.2 billion RMB). This venture aims to help businesses build and deploy AI solutions. OpenAI is also acquiring the AI consulting firm Toromo to rapidly scale the deployment company's capabilities. This new entity, majority-owned by OpenAI, brings together 19 investment, consulting, and system integration partners, led by TPG with co-lead founding partners including Advent International, Bain Capital, and Brookfield. OpenAI's Chief Revenue Officer, Denise Dresser, stated that while AI is becoming increasingly capable, the current challenge lies in integrating these systems into core business infrastructure and workflows. The deployment company is designed to bridge this gap and translate AI capabilities into operational impact. This move comes as OpenAI emphasizes the next competitive phase will depend on the efficiency of deploying AI in real business scenarios. The company reports over 1 million businesses already use its products and APIs. OpenAI is significantly increasing its investments in computing power, with co-founder Greg Brockman stating the company expects to spend $50 billion on compute this year, a dramatic increase from $3 million in 2017. The announcement follows OpenAI's recent completion of a record $122 billion funding round in late March, led by Amazon, Nvidia, and SoftBank, valuing the company at $852 billion post-money. Major strategic investors committed $110 billion as a base for this round. Concurrently, OpenAI is advancing its core model development. It has shifted focus from its Sora video generator to developing advanced robotics and AI models that interact with the physical world. It has also begun allowing select users access to a new model specialized in identifying software vulnerabilities and is reportedly preparing to launch an enhanced image generation model in the coming weeks. According to reports citing founder Sam Altman, OpenAI is considering an IPO as early as 2027, with a potential valuation around $1 trillion.

marsbitHá 7m

Splashing Out 27 Billion Yuan, OpenAI Establishes New Company to Accelerate AI Deployment

marsbitHá 7m

Arthur Hayes' Latest In-Depth Article: Forget Wars and Inflation, the AI Bubble Is the Biggest Opportunity

In his latest article "The Butterfly Touch," Arthur Hayes argues that the massive capital expenditure (CAPEX) fueling the global AI race, driven by US-China technological competition and nationalism, is creating unprecedented dollar and renminbi liquidity. This monetary expansion, combined with inflationary pressures from geopolitical conflicts like the US-Iran war, is creating a perfect environment for Bitcoin and cryptocurrencies. Hayes believes foreign nations, threatened by supply chain disruptions, will increasingly shift savings from dollar assets to real infrastructure and commodities, forcing the US to maintain loose financial conditions to support its markets. He predicts Bitcoin, backed by "trillions of dollars and yuan that have yet to be printed," is poised for a significant rally, potentially back to $126,000, with the bullish trend accelerating past $90,000. While acknowledging a potential shift in US political sentiment against AI and inflation around the 2028 election, Hayes remains aggressively bullish for now. He advocates investing in cryptocurrencies, specifically mentioning his allocations to Hyperliquid ($HYPE), Zcash ($ZEC), and an upcoming focus on $NEAR due to its "privacy narrative" and potential for a major rally.

marsbitHá 7m

Arthur Hayes' Latest In-Depth Article: Forget Wars and Inflation, the AI Bubble Is the Biggest Opportunity

marsbitHá 7m

Hackers Targeting Your Crypto Just Got An AI Upgrade — Google’s Report Is A Wake-Up Call

Google's Threat Intelligence Group warns that AI is now being weaponized by hackers at an industrial scale, posing a direct threat to cryptocurrency users. The report details a major escalation: threat actors, including state-linked groups, are using AI to develop zero-day exploits and polymorphic malware that evades detection. A key threat is PROMPTSPY, AI-enabled malware capable of autonomous, real-time attacks that can bypass standard two-factor authentication (2FA) by observing and manipulating live authentication sessions. The findings indicate that conventional security measures like 2FA are becoming insufficient against these AI-driven tools. The report recommends advanced protections like hardware security keys and multi-signature wallets as essential for crypto users facing this new threat landscape.

bitcoinistHá 18m

Hackers Targeting Your Crypto Just Got An AI Upgrade — Google’s Report Is A Wake-Up Call

bitcoinistHá 18m

Arthur Hayes' Latest Long-Form: The AI Bubble Represents the Biggest Opportunity

Arthur Hayes argues that the AI investment boom, driven by massive government and corporate capital expenditure (CAPEX) for geopolitical and technological supremacy, represents a historic opportunity for cryptocurrency. He believes the unprecedented money printing by central banks (especially the US and China) to fund this AI arms race, combined with inflationary pressures from global conflict and a shift away from "just-in-time" global supply chains, creates a perfect environment for Bitcoin and crypto assets to thrive. Hayes predicts Bitcoin will surge past $126,000, fueled by this liquidity. He identifies two potential triggers for an AI bubble collapse: a massive, failed AI-related IPO/merger or a political shift against AI and inflation during the 2028 US election. Until then, he advocates aggressive investment in Bitcoin and specific altcoins like NEAR, Hyperliquid ($HYPE), and Zcash ($ZEC), viewing the current period as a prime bullish phase.

链捕手Há 41m

Arthur Hayes' Latest Long-Form: The AI Bubble Represents the Biggest Opportunity

链捕手Há 41m

The Essence of AI Layoffs: Why More AI Adoption Leads to More Corporate Anxiety?

The author, awaiting potential inclusion on an 8000-person layoff list, analyzes the true nature of recent "AI-driven" layoffs. They argue that while AI use, particularly tools like Claude for code generation, has skyrocketed and boosted developer output (e.g., 2-5x more code commits), this has not translated into proportional business growth or revenue. The core issue is a misalignment between increased "Input" (code) and tangible "Outcomes" (user value, revenue). AI acts as a costly B2B SaaS, inflating operational expenses without guaranteed returns. Two key problems emerge: 1) The friction that once filtered out bad ideas is gone, as AI allows cheap pursuit of even weak concepts. 2) Organizational "alignment tax"—the difficulty of coordinating across teams—becomes crippling when development velocity outpaces consensus-building. Thus, layoffs serve two immediate purposes: 1) To offset ballooning AI costs (Token consumption) and maintain cash flow, as rising input costs without outcome growth destroys unit economics. 2) To reduce organizational bloat and alignment friction by simply removing teams, thereby speeding up execution in the short term. Therefore, these layoffs are fundamentally caused by AI, even if AI doesn't directly replace roles. They represent a painful correction until companies learn to convert AI-driven productivity into real business outcomes and streamline organizational coordination to match the new pace of work. The cycle will continue until this learning curve is mastered.

marsbitHá 1h

The Essence of AI Layoffs: Why More AI Adoption Leads to More Corporate Anxiety?

marsbitHá 1h

Trading

Spot
Futuros
活动图片

Categorias popularesright-arrow

Etiquetas Popularesright-arrow