Crypto Theft Hides In Plain Sight Inside Popular Game Mods—Kaspersky

bitcoinist發佈於 2025-12-23更新於 2025-12-23

文章摘要

Kaspersky warns of a new infostealer malware called "Stealka" distributed through fake video game mods and cracked software, primarily targeting Windows users. Disguised as cheats or utility cracks for popular titles like Roblox or Microsoft Visio, the malware is hosted on platforms like GitHub and Google Sites to appear legitimate. Once executed, Stealka steals browser data, saved passwords, and cryptocurrency wallet information—targeting over 115 browser extensions including MetaMask, Binance Wallet, and Coinbase. It collects private keys, seed phrases, and autofill data, enabling account takeovers and further malicious spread. Detected initially in Russia, Turkey, Brazil, Germany, and India, the malware is sometimes bundled with cryptomining code. Users are advised to avoid unofficial software, use antivirus tools, enable two-factor authentication, and verify file checksums before installation.

Kaspersky has warned that a new infostealer called “Stealka” is being spread through bogus video game mods and cracked software, putting crypto users and gamers at risk.

The malware was identified in November 2025 and is delivered as what looks like harmless game add-ons or utility cracks. Systems running Windows are the main target.

Attackers Hide Malware In Mods

Reports have disclosed that Stealka is disguised as cheats, mods and cracks for popular titles, with fake packages posted to places users normally trust. Files have been seen on GitHub, SourceForge, Softpedia and Google Sites, which helps the downloads look legitimate.

In some cases, the malware was packaged as a Roblox mod or as a cracked copy of Microsoft Visio. According to Kaspersky, the campaign uses convincing websites and may employ automated tools to create professional pages that trick people into clicking download links.

Data And Wallets Targeted

Once run, Stealka searches for browser data, saved passwords and crypto wallet information. Based on reports, it targets more than 115 browser extensions tied to wallets, password managers and two-factor apps.

Extensions for MetaMask, Binance Wallet, Coinbase and other popular wallets are among those at risk. Private keys, seed phrases and wallet file paths can be exposed on an infected machine, and stored browser cards and autofill entries are also collected.

Total crypto market cap currently at $3.01 trillion. Chart: TradingView

Victims’ accounts can be taken over using the stolen credentials, and that access can then be used to push further malicious links to friends or followers.

How The Threat Spreads And Where It’s Seen

Kaspersky’s telemetry shows initial detections in Russia, with additional cases reported in Turkey, Brazil, Germany and India.

Distribution methods vary. Sometimes a single download bundle carries Stealka; other times it is paired with cryptominer code so infected computers also mine cryptocurrency for the attackers.

Files hosted on trusted developer portals make it harder for users to spot danger, and the malware’s wide reach means standard precautions can still be bypassed if users ignore basic safety steps.

Recommendations For Users

According to cybersecurity advisories, avoid unofficial or pirated software and only download mods from verified, trusted creators. Use a reputable antivirus product and keep it updated.

Password managers are recommended over saving credentials in browsers, and two-factor authentication should be enabled for crypto accounts when available.

Keep Windows and applications patched, and check that a downloaded file’s checksum or digital signature matches the developer’s published value before running installers.

Featured image from Kaspersky, chart from TradingView

熱門幣種推薦

相關問答

QWhat is the name of the new infostealer malware being spread through fake game mods and cracked software?

AThe new infostealer malware is called 'Stealka'.

QWhich operating systems are the primary target of the Stealka malware?

ASystems running Windows are the main target of the Stealka malware.

QWhat types of sensitive information does the Stealka malware steal from infected computers?

AStealka steals browser data, saved passwords, crypto wallet information, private keys, seed phrases, wallet file paths, stored browser cards, and autofill entries.

QName at least two trusted online platforms where the fake packages containing the malware were found.

AFake packages containing the malware were found on GitHub, SourceForge, Softpedia, and Google Sites.

QWhat are two key security recommendations provided to protect against this threat?

ATwo key recommendations are to avoid unofficial or pirated software and to use a reputable, updated antivirus product. Additionally, using password managers and enabling two-factor authentication for crypto accounts is advised.

你可能也喜歡

解锁20%,1.25亿美元压顶,PUMP顶得住吗?

即使Meme行情降温,Pump.fun依然是Web3领域最能赚钱的协议之一,过去30天收入达2840万美元。平台累计收入约10.5亿美元,并通过回购销毁PUMP代币来支撑价值。然而,PUMP代币近期面临重大考验:首次解锁了占总供应量8.25%(约825亿枚,价值1.25亿美元)的团队和投资者代币,相当于解锁前流通量的20%。尽管今年4月平台曾大规模销毁1290亿枚PUMP,但销毁的是已回购代币,而此次解锁直接增加了市场潜在抛压。 更关键的是,平台用于支撑币价的核心机制——代币回购的力度已大幅减弱。回购比例从100%降至50%,月度回购金额从高峰缩水超80%,6月仅920万美元。按此计算,本次解锁筹码只需卖出约7%就足以抵消一个月的回购买盘。市场还需长期面对后续大量未解锁代币的不确定性。 尽管如此,横向对比其他高收入协议,Pump.fun商业模式稳定,不依赖单一爆款币,只要Meme市场持续交易就能产生收入。PUMP当前市值约6.1亿美元,估值相对未过度炒作。押注PUMP本质上是赌Meme市场的持续活跃以及Pump.fun能守住流量入口。在熊市中,它仍是少数兼具真实收入、用户基础和回购能力的标的之一。短期价格受解锁考验,但长期价值仍取决于平台持续的盈利能力,当前或是长线布局的时机。

Odaily星球日报55 分鐘前

解锁20%,1.25亿美元压顶,PUMP顶得住吗?

Odaily星球日报55 分鐘前

交易

現貨

熱門文章

如何購買O

歡迎來到HTX.com!在這裡,購買O1 exchange (O)變得簡單而便捷。跟隨我們的逐步指南,放心開始您的加密貨幣之旅。第一步:創建您的HTX帳戶使用您的 Email、手機號碼在HTX註冊一個免費帳戶。體驗無憂的註冊過程並解鎖所有平台功能。立即註冊第二步:前往買幣頁面,選擇您的支付方式信用卡/金融卡購買:使用您的Visa或Mastercard即時購買O1 exchange (O)。餘額購買:使用您HTX帳戶餘額中的資金進行無縫交易。第三方購買:探索諸如Google Pay或Apple Pay等流行支付方式以增加便利性。C2C購買:在HTX平台上直接與其他用戶交易。HTX 場外交易 (OTC) 購買:為大量交易者提供個性化服務和競爭性匯率。第三步:存儲您的O1 exchange (O)購買O1 exchange (O)後,將其存儲在您的HTX帳戶中。您也可以透過區塊鏈轉帳將其發送到其他地址或者用於交易其他加密貨幣。第四步:交易O1 exchange (O)在HTX的現貨市場輕鬆交易O1 exchange (O)。前往您的帳戶,選擇交易對,執行交易,並即時監控。HTX為初學者和經驗豐富的交易者提供了友好的用戶體驗。

239 人學過發佈於 2026.06.19更新於 2026.06.29

如何購買O

如何購買PROS

歡迎來到HTX.com!在這裡,購買Pharos (PROS)變得簡單而便捷。跟隨我們的逐步指南,放心開始您的加密貨幣之旅。第一步:創建您的HTX帳戶使用您的 Email、手機號碼在HTX註冊一個免費帳戶。體驗無憂的註冊過程並解鎖所有平台功能。立即註冊第二步:前往買幣頁面,選擇您的支付方式信用卡/金融卡購買:使用您的Visa或Mastercard即時購買Pharos (PROS)。餘額購買:使用您HTX帳戶餘額中的資金進行無縫交易。第三方購買:探索諸如Google Pay或Apple Pay等流行支付方式以增加便利性。C2C購買:在HTX平台上直接與其他用戶交易。HTX 場外交易 (OTC) 購買:為大量交易者提供個性化服務和競爭性匯率。第三步:存儲您的Pharos (PROS)購買Pharos (PROS)後,將其存儲在您的HTX帳戶中。您也可以透過區塊鏈轉帳將其發送到其他地址或者用於交易其他加密貨幣。第四步:交易Pharos (PROS)在HTX的現貨市場輕鬆交易Pharos (PROS)。前往您的帳戶,選擇交易對,執行交易,並即時監控。HTX為初學者和經驗豐富的交易者提供了友好的用戶體驗。

220 人學過發佈於 2026.06.22更新於 2026.06.29

如何購買PROS

什麼是 VERONA

I. 項目介紹VERONA是第一個為大規模採用而專門建構的 L1。 它已經取得了顯著的進展,擁有數百萬用戶帳戶和超過200個應用程序的生態系統。 VERONA已從 Multicoin、Animoca、Circle、Hashkey、Spartan、Figment 等眾多頂級支持者處籌集了超過3600萬美元。 VERONA消除了所有技術複雜性,使任何用戶都能輕鬆訪問 Web3。VERONA提供了類似 Web2 的用戶體驗,利用協議級實現來處理抽象帳戶、簽名、費用、互操作性等問題,使開發者能夠構建安全、直觀且無縫的用戶體驗。II. 代幣信息1) 代幣基本信息代幣符號:VERONA(Verona)III. 相關鏈接 官網鏈接:https://xion.burnt.com/ 區塊鏈鏈接:https://explorer.burnt.com/ 白皮書鏈接:https://xion.burnt.com/whitepaper.pdf 社交媒體: https://x.com/burnt_xion 注意:項目簡介來自於官方項目團隊所發布或提供的信息資料,可能存在過時、錯誤或遺漏,相關內容僅供參考且不構成投資建議,HTX不會承擔任何依賴這些信息而產生的直接或間接損失。

188 人學過發佈於 2026.06.22更新於 2026.06.22

什麼是 VERONA

相關討論

歡迎來到 HTX 社群。在這裡,您可以了解最新的平台發展動態並獲得專業的市場意見。 以下是用戶對 A (A)幣價的意見。

活动图片