-640x358.jpg&w=1200&q=75)
Cybersecurity firm Kaspersky has identified a new malware strain spreading through video game mods and pirated software.
The malware, named Stealka, is designed to steal cryptocurrency wallets, browser data and account credentials.
Kaspersky said the infostealer primarily targets users operating on Microsoft Windows systems.
Researchers discovered Stealka in November after analysing suspicious activity linked to compromised gaming files.
Attackers disguise the malware as game cheats, cracks and mods to lure unsuspecting users.
Popular games and software titles have been used as bait to distribute the malicious files.
Kaspersky said Stealka has been hosted on legitimate platforms including GitHub, SourceForge and Google Sites.
The malware has frequently been disguised as mods for Roblox and cracks for applications such as Microsoft Visio.
In some cases, attackers created convincing fake websites to make the downloads appear legitimate.
Some of these sites look quite professional and may even be AI-generated.
Kaspersky researcher Artem Ushkov said.
Stealka is particularly dangerous because it targets browser data stored on Chromium and Gecko-based browsers.
This places more than 100 browsers at risk, including Chrome, Firefox, Edge, Opera, Brave and others.
The malware harvests autofill data such as login credentials, addresses and payment card information.
It also targets databases and settings linked to browser extensions.
Kaspersky said 115 extensions connected to crypto wallets, password managers and two-factor authentication are affected.
The infostealer is capable of draining funds from dozens of cryptocurrency wallets.
Wallets targeted include:
- Binance
- Coinbase
- Crypto.com
- SafePal
- Trust Wallet
- MetaMask
- Ton
- Phantom
- Nexus and
- Exodus.
Messaging applications are also at risk, including Discord, Telegram, Unigram, Pidgin and Tox.
Kaspersky said email clients, VPNs, gaming platforms and password managers may also be compromised.