Cybersecurity firm Kaspersky has identified a new malware strain spreading through video game mods and pirated software.
The malware, named Stealka, is designed to steal cryptocurrency wallets, browser data and account credentials.
Kaspersky said the infostealer primarily targets users operating on Microsoft Windows systems.
Researchers discovered Stealka in November after analysing suspicious activity linked to compromised gaming files.
Attackers disguise the malware as game cheats, cracks and mods to lure unsuspecting users.
Popular games and software titles have been used as bait to distribute the malicious files.
Kaspersky said Stealka has been hosted on legitimate platforms including GitHub, SourceForge and Google Sites.
The malware has frequently been disguised as mods for Roblox and cracks for applications such as Microsoft Visio.
In some cases, attackers created convincing fake websites to make the downloads appear legitimate.
Some of these sites look quite professional and may even be AI-generated, Kaspersky researcher Artem Ushkov said.
Stealka is particularly dangerous because it targets browser data stored on Chromium and Gecko-based browsers.
This places more than 100 browsers at risk, including Chrome, Firefox, Edge, Opera, Brave and others.
The malware harvests autofill data such as login credentials, addresses and payment card information.
It also targets databases and settings linked to browser extensions.
Kaspersky said 115 extensions connected to crypto wallets, password managers and two-factor authentication are affected.
The infostealer is capable of draining funds from dozens of cryptocurrency wallets.
Wallets targeted include:
- Binance
- Coinbase
- Crypto.com
- SafePal
- Trust Wallet
- MetaMask
- Ton
- Phantom
- Nexus
- Exodus
Messaging applications are also at risk, including Discord, Telegram, Unigram, Pidgin and Tox.
Kaspersky said email clients, VPNs, gaming platforms and password managers may also be compromised.
In addition to stealing data, Stealka can hijack accounts and install crypto miners on infected devices.
Kaspersky warned that the malware’s broad capabilities make detection difficult for inexperienced users.
The firm urged users to avoid pirated software and unofficial game mods.
It also recommended using reputable antivirus software and dedicated password managers.
Kaspersky advised against storing sensitive credentials directly in web browsers.
Separate data from Cloudflare shows that more than 5% of global emails now contain malicious content.
Over half of those malicious emails reportedly include phishing links.
Kaspersky said the rise of infostealers highlights growing cyber risks facing crypto users.