Video game mods are spreading new ‘Stealka’ crypto infostealer: Kaspersky

cointelegraph發佈於 2025-12-22更新於 2025-12-22

文章摘要

A new malware called "Stealka" is targeting cryptocurrency wallets and browser extensions by disguising itself as video game cheats, mods, and software cracks, according to Kaspersky. The infostealer, discovered in November, is distributed through legitimate platforms like GitHub and Google Sites, and sometimes via fake professional-looking websites. It primarily targets Chromium and Gecko-based browsers—including Chrome, Firefox, and Edge—and steals autofill data, login credentials, and payment details. It also specifically targets 115 browser extensions related to crypto wallets, 2FA services, and password managers, including Binance, MetaMask, Trust Wallet, and Coinbase. Kaspersky advises using reliable antivirus software, avoiding pirated software and unofficial mods, and refraining from storing passwords in browsers.

New malware has been discovered that targets crypto wallets and browser extensions while disguising itself as game cheats and mods, says cybersecurity firm Kaspersky.

Kaspersky reported on Thursday that it had uncovered a new infostealer dubbed “Stealka,” which targets Microsoft Windows user data.

Attackers have used the malware, which was discovered in November, to hijack accounts, steal cryptocurrency, and install crypto miners on their victims’ computers while masquerading as video game cracks, cheats, and mods.

The malicious software has been distributed through legitimate platforms like GitHub, SourceForge, and Google Sites, and disguised as game mods, especially for Roblox, and software cracks for applications such as Microsoft Visio.

Sometimes, attackers go a step further, possibly using artificial intelligence tools, and creating entire fake websites that look “quite professional,” said Kaspersky researcher Artem Ushkov.

A fake website pretending to offer Roblox scripts, Source: Kaspersky

Crypto wallets and extensions targeted

Ushkov noted that Stealka has a fairly “extensive arsenal of capabilities,” but is particularly dangerous because its prime target is data from browsers built on the Chromium and Gecko engines.

This puts over 100 different browsers at risk, including popular ones such as Chrome, Firefox, Opera, Yandex, Edge, Brave, and many others.

Related: Hackers are exploiting a JavaScript library to plant crypto drainers

Its primary targets are autofill data, such as sign-in credentials, addresses, and payment card details, but it also targets the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA (two-factor authentication) services.

Some of the 80 crypto wallets targeted include Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus, and Exodus.

Kaspersky also said the messaging apps, including Discord, Telegram, Unigram, Pidgin, and Tox, were also at risk, as were email clients, password managers, gaming clients, and even VPN applications.

Avoid pirated software and game mods

To stay protected, Kaspersky recommended using reliable antivirus software and password managers to avoid storing passwords in browsers. It also cautioned against using pirated software and unofficial game mods.

Cloudflare reported last week that more than 5% of all emails sent worldwide contain malicious content, and more than half of those contained a phishing link, while a quarter of all HTML attachments were found to be malicious.

Magazine: Big questions: Would Bitcoin survive a 10-year power outage?

相關問答

QWhat is the name of the new infostealer malware discovered by Kaspersky and what does it target?

AThe new infostealer is called 'Stealka'. It primarily targets data from browsers built on Chromium and Gecko engines, including autofill data (sign-in credentials, addresses, payment card details), and the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA services.

QHow is the Stealka malware being distributed to potential victims?

AThe malware is distributed by disguising itself as video game cracks, cheats, and mods. It has been spread through legitimate platforms like GitHub, SourceForge, and Google Sites. Attackers sometimes create entire fake, professional-looking websites to host the malicious software.

QWhich specific types of applications and services are at risk from the Stealka infostealer?

AOver 100 different browsers (Chrome, Firefox, Opera, etc.), 80 crypto wallets (Binance, Coinbase, MetaMask, etc.), messaging apps (Discord, Telegram, etc.), email clients, password managers, gaming clients, and VPN applications are all at risk.

QWhat recommendations does Kaspersky provide to protect against this threat?

AKaspersky recommends using reliable antivirus software, using password managers instead of storing passwords in browsers, and avoiding the use of pirated software and unofficial game mods.

QBeyond game mods, what other type of software is commonly used as a disguise for this malware?

AThe malware is also disguised as software cracks for applications such as Microsoft Visio.

你可能也喜歡

解锁20%,1.25亿美元压顶,PUMP顶得住吗?

即使Meme行情降温,Pump.fun依然是Web3领域最能赚钱的协议之一,过去30天收入达2840万美元。平台累计收入约10.5亿美元,并通过回购销毁PUMP代币来支撑价值。然而,PUMP代币近期面临重大考验:首次解锁了占总供应量8.25%(约825亿枚,价值1.25亿美元)的团队和投资者代币,相当于解锁前流通量的20%。尽管今年4月平台曾大规模销毁1290亿枚PUMP,但销毁的是已回购代币,而此次解锁直接增加了市场潜在抛压。 更关键的是,平台用于支撑币价的核心机制——代币回购的力度已大幅减弱。回购比例从100%降至50%,月度回购金额从高峰缩水超80%,6月仅920万美元。按此计算,本次解锁筹码只需卖出约7%就足以抵消一个月的回购买盘。市场还需长期面对后续大量未解锁代币的不确定性。 尽管如此,横向对比其他高收入协议,Pump.fun商业模式稳定,不依赖单一爆款币,只要Meme市场持续交易就能产生收入。PUMP当前市值约6.1亿美元,估值相对未过度炒作。押注PUMP本质上是赌Meme市场的持续活跃以及Pump.fun能守住流量入口。在熊市中,它仍是少数兼具真实收入、用户基础和回购能力的标的之一。短期价格受解锁考验,但长期价值仍取决于平台持续的盈利能力,当前或是长线布局的时机。

Odaily星球日报49 分鐘前

解锁20%,1.25亿美元压顶,PUMP顶得住吗?

Odaily星球日报49 分鐘前

交易

現貨
活动图片