Video game mods are spreading new ‘Stealka’ crypto infostealer: Kaspersky

cointelegraph, published 2025-12-22, updated 2025-12-22

Summary

A new malware called "Stealka" is targeting cryptocurrency wallets and browser extensions by disguising itself as video game cheats, mods, and software cracks, according to Kaspersky. The infostealer, discovered in November, is distributed through legitimate platforms like GitHub and Google Sites, and sometimes via fake professional-looking websites. It primarily targets Chromium and Gecko-based browsers—including Chrome, Firefox, and Edge—and steals autofill data, login credentials, and payment details. It also specifically targets 115 browser extensions related to crypto wallets, 2FA services, and password managers, including Binance, MetaMask, Trust Wallet, and Coinbase. Kaspersky advises using reliable antivirus software, avoiding pirated software and unofficial mods, and refraining from storing passwords in browsers.

New malware has been discovered that targets crypto wallets and browser extensions while disguising itself as game cheats and mods, says cybersecurity firm Kaspersky.

Kaspersky reported on Thursday that it had uncovered a new infostealer dubbed “Stealka,” which targets Microsoft Windows user data.

The malware, discovered in November, masquerades as video game cracks, cheats, and mods; attackers have used it to hijack accounts, steal cryptocurrency, and install crypto miners on victims' computers.

The malicious software has been distributed through legitimate platforms like GitHub, SourceForge, and Google Sites, and disguised as game mods, especially for Roblox, and software cracks for applications such as Microsoft Visio.

Sometimes attackers go a step further, possibly using artificial intelligence tools, and create entire fake websites that look "quite professional," said Kaspersky researcher Artem Ushkov.

A fake website pretending to offer Roblox scripts, Source: Kaspersky

Crypto wallets and extensions targeted

Ushkov noted that Stealka has a fairly “extensive arsenal of capabilities,” but is particularly dangerous because its prime target is data from browsers built on the Chromium and Gecko engines.

This puts over 100 different browsers at risk, including popular ones such as Chrome, Firefox, Opera, Yandex, Edge, Brave, and many others.

Related: Hackers are exploiting a JavaScript library to plant crypto drainers

Its primary targets are autofill data, such as sign-in credentials, addresses, and payment card details, but it also targets the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA (two-factor authentication) services.

Some of the 80 crypto wallets targeted include Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus, and Exodus.

Kaspersky also said that messaging apps, including Discord, Telegram, Unigram, Pidgin, and Tox, were at risk, as were email clients, password managers, gaming clients, and even VPN applications.

Avoid pirated software and game mods

To stay protected, Kaspersky recommended using reliable antivirus software and password managers to avoid storing passwords in browsers. It also cautioned against using pirated software and unofficial game mods.
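Kaspersky's description of what Stealka reads (saved logins, autofill data, and the settings and databases of wallet, 2FA and password-manager extensions) also gives a defender the detection angle: those stores live at known paths inside the browser profile, and only the browser itself has a reason to open them. The following is an added example, not code from Kaspersky or Cointelegraph, of that check run over file-access audit records. It assumes an audit source (Windows object-access events, or an EDR file-read event) already exported as one JSON object per line; the field names, the sample process names and paths are constructed, and the store list covers only a handful of the 100+ browsers the article mentions.

```python
"""Flag non-browser processes reading browser credential and extension stores.

Added example for this article, not Kaspersky's or Cointelegraph's code. It
assumes a file-access audit source (Windows Security event 4663 with a SACL
on the profile folders, or an EDR file-read event) already exported as one
JSON object per line with the "ProcessName" and "ObjectName" fields used
below; the field names and every sample record are constructed.
"""
import fnmatch
import json
from collections import defaultdict

# On-disk stores an infostealer reads: saved logins and autofill data in
# Chromium-family profiles ("Login Data", "Web Data"), per-extension storage
# where wallet, 2FA and password-manager extensions keep their state, and the
# Firefox (Gecko) login store. Paths follow the browsers' real layout under
# %LOCALAPPDATA% / %APPDATA%; the list is deliberately partial.
SENSITIVE_STORES = [
    ("chromium-saved-logins",   r"*\user data\*\login data"),
    ("chromium-autofill",       r"*\user data\*\web data"),
    ("chromium-extension-data", r"*\user data\*\local extension settings\*"),
    ("firefox-saved-logins",    r"*\mozilla\firefox\profiles\*\logins.json"),
    ("firefox-key-db",          r"*\mozilla\firefox\profiles\*\key4.db"),
]

# Image names that legitimately own those files. A stealer can also inject
# into a browser process, so this is a first filter, not proof of innocence.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "vivaldi.exe",
                  "opera.exe", "browser.exe",  # browser.exe is Yandex Browser
                  "firefox.exe"}


def match_store(path: str):
    """Return the label of the sensitive store a path belongs to, or None."""
    lowered = path.lower()
    for label, pattern in SENSITIVE_STORES:
        if fnmatch.fnmatchcase(lowered, pattern):
            return label
    return None


def classify_event(event: dict):
    """Return an alert dict for one access record, or None if it is benign."""
    store = match_store(event.get("ObjectName", ""))
    if store is None:
        return None                      # not a credential/extension store
    process = event.get("ProcessName", "")
    image = process.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image in BROWSER_IMAGES:
        return None                      # the browser reading its own profile
    return {"process": process, "store": store, "path": event.get("ObjectName")}


def scan_log(lines, breadth_threshold: int = 3):
    """Classify each JSON line; also report processes that touch several
    distinct store types, which is what a stealer sweeping many browsers and
    extensions looks like even when each single access could be explained."""
    alerts = []
    stores_per_process = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                     # malformed record: skip, do not crash
        alert = classify_event(event)
        if alert:
            alerts.append(alert)
            stores_per_process[alert["process"]].add(alert["store"])
    sweeps = sorted(p for p, s in stores_per_process.items() if len(s) >= breadth_threshold)
    return alerts, sweeps


# Constructed sample records (not real telemetry). Paths are JSON-escaped.
SAMPLE_LOG = r"""
{"EventID": 4663, "ProcessName": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"EventID": 4663, "ProcessName": "C:\\Users\\alice\\Downloads\\RobloxScriptHub.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"EventID": 4663, "ProcessName": "C:\\Users\\alice\\Downloads\\RobloxScriptHub.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"}
{"EventID": 4663, "ProcessName": "C:\\Users\\alice\\Downloads\\RobloxScriptHub.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\examplewalletextid\\000003.log"}
{"EventID": 4663, "ProcessName": "C:\\Users\\alice\\Downloads\\RobloxScriptHub.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k3x9.default-release\\logins.json"}
{"EventID": 4663, "ProcessName": "C:\\Users\\alice\\Downloads\\RobloxScriptHub.exe", "ObjectName": "C:\\Users\\alice\\Documents\\notes.txt"}
{"EventID": 4663, "ProcessName": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k3x9.default-release\\logins.json"}
{"EventID": 4663, "ProcessName": "C:\\Program Files\\ExampleBackup\\backupagent.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k3x9.default-release\\key4.db"}
this line is not valid json and must be skipped
"""

if __name__ == "__main__":
    found, sweeping = scan_log(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"ALERT  {a['process']}  ->  {a['store']}")
    for p in sweeping:
        print(f"SWEEP  {p} touched several store types")
```

The per-event rule catches any non-browser image opening a store, but on its own it is noisy: a backup agent copying a Firefox profile trips it once. The breadth rule is the signal that separates a stealer from that: one unfamiliar binary dropped in Downloads touching Chromium logins, autofill, extension storage and the Firefox login file within one log is the sweep pattern the article describes, whatever the binary calls itself. Treat the browser allowlist as a filter only; a stealer that injects into the browser process needs a different detection (for example, alerting on the browser process spawning from, or being written to by, an unsigned game "mod").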

Cloudflare reported last week that more than 5% of all emails sent worldwide contain malicious content, and more than half of those contained a phishing link, while a quarter of all HTML attachments were found to be malicious.

Magazine: Big questions: Would Bitcoin survive a 10-year power outage?

Related Questions

Q: What is the name of the new infostealer malware discovered by Kaspersky and what does it target?

A: The new infostealer is called 'Stealka'. It primarily targets data from browsers built on Chromium and Gecko engines, including autofill data (sign-in credentials, addresses, payment card details), and the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA services.

Q: How is the Stealka malware being distributed to potential victims?

A: The malware is distributed by disguising itself as video game cracks, cheats, and mods. It has been spread through legitimate platforms like GitHub, SourceForge, and Google Sites. Attackers sometimes create entire fake, professional-looking websites to host the malicious software.

Q: Which specific types of applications and services are at risk from the Stealka infostealer?

A: Over 100 different browsers (Chrome, Firefox, Opera, etc.), 80 crypto wallets (Binance, Coinbase, MetaMask, etc.), messaging apps (Discord, Telegram, etc.), email clients, password managers, gaming clients, and VPN applications are all at risk.

Q: What recommendations does Kaspersky provide to protect against this threat?

A: Kaspersky recommends using reliable antivirus software, using password managers instead of storing passwords in browsers, and avoiding the use of pirated software and unofficial game mods.

Q: Beyond game mods, what other type of software is commonly used as a disguise for this malware?

A: The malware is also disguised as software cracks for applications such as Microsoft Visio.
