Key Takeaways
- A new infostealer called "Stealka" is being distributed disguised as video game mods, cheats, and pirated software.
- It targets sensitive data from over 100 browsers, including Chrome, Firefox, and Edge, as well as 80+ crypto wallets like MetaMask and Coinbase.
- The malware also threatens messaging apps (Telegram, Discord), password managers, and VPN applications.
- Cybercriminals use legitimate platforms like GitHub and create sophisticated fake websites to spread the threat.
- Protection requires using reliable antivirus software, avoiding pirated programs, and not storing passwords in browsers.
Stealka Malware: A New Threat in Gaming and Crypto Communities
Cybersecurity experts from Kaspersky have uncovered a dangerous new infostealer, dubbed "Stealka," which is actively spreading through the gaming community. The malware disguises itself as popular video game modifications (mods) and cheats, specifically targeting platforms such as Roblox, and as cracks for software like Microsoft Visio.
How Stealka Operates and Spreads
The primary infection vectors are deceptive downloads hosted on legitimate platforms. Attackers upload the malware to trusted sites like GitHub, SourceForge, and Google Sites. In some cases, they create entire fake websites that appear professional, potentially using AI tools to enhance their credibility.
"Sometimes, attackers go a step further... creating entire fake websites that look 'quite professional,'" said Kaspersky researcher Artem Ushkov.
Once installed, Stealka activates its extensive data-harvesting capabilities. Its main focus is browsers built on Chromium and Gecko engines, putting a vast array of applications at risk.
What Data is at Risk?
Stealka's "extensive arsenal" is designed to steal a wide range of sensitive information:
- Browser Data: Autofill information, including login credentials, addresses, and payment card details.
- Crypto Wallet Extensions: It targets the settings and databases of 115 browser extensions related to cryptocurrency, including major wallets like Binance, Trust Wallet, Phantom, and Exodus.
- Other Applications: The malware also seeks data from messaging apps (Discord, Telegram), email clients, password managers, and VPN applications.
This makes it a comprehensive threat to both digital assets and personal privacy.
How to Protect Yourself
To defend against threats like Stealka, Kaspersky recommends a proactive security posture:
- Use reputable antivirus software with real-time protection.
- Avoid pirated software and unofficial game mods from unverified sources.
- Employ a dedicated password manager instead of storing passwords in your browser.
- Exercise extreme caution with downloads, even from platforms that are typically trustworthy.
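To act on the advice about browser-stored passwords, the following added example (not from Kaspersky or the original article) counts how many logins each browser profile still holds, so they can be moved to a password manager and cleared. It assumes the usual store names, a `Login Data` SQLite file with a `logins` table for Chromium-based browsers and `logins.json` for Firefox-family browsers; the directory names and entries in the sample are constructed, and nothing is decrypted.

```python
import json
import sqlite3
import tempfile
from contextlib import closing
from pathlib import Path

def count_chromium_logins(db_path):
    """Rows in a Chromium 'Login Data' SQLite store; nothing is decrypted."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # read-only open
    try:
        with closing(sqlite3.connect(uri, uri=True)) as conn:
            return conn.execute("SELECT COUNT(*) FROM logins").fetchone()[0]
    except sqlite3.Error:  # locked by a running browser, or not a login store
        return None

def count_gecko_logins(json_path):
    """Entries in a Firefox-family logins.json; None if unreadable."""
    try:
        data = json.loads(Path(json_path).read_text(encoding="utf-8"))
        return len(data.get("logins", []))
    except (OSError, ValueError, AttributeError):
        return None

def audit_saved_logins(root):
    """Walk a browser data directory; return (engine, path, count) per store."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.name == "Login Data" and path.is_file():
            findings.append(("chromium", str(path), count_chromium_logins(path)))
        elif path.name == "logins.json" and path.is_file():
            findings.append(("gecko", str(path), count_gecko_logins(path)))
    return findings

def build_constructed_profiles(root):
    """Create sample stores for the demo (constructed, placeholder values)."""
    chromium = Path(root) / "ChromiumBrowser" / "Default"
    gecko = Path(root) / "GeckoBrowser" / "abc.default"
    for profile in (chromium, gecko):
        profile.mkdir(parents=True)
    with closing(sqlite3.connect(chromium / "Login Data")) as conn:
        conn.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT)")
        conn.executemany("INSERT INTO logins VALUES (?, ?)",
                         [("https://a.example", "u1"), ("https://b.example", "u2")])
        conn.commit()
    (gecko / "logins.json").write_text(json.dumps({"logins": [{"hostname": "https://c.example"}]}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_profiles(tmp)
        print(audit_saved_logins(tmp))
```

A count of `None` means the store could not be read, typically because the browser is running and holds a lock on the file; close the browser and run the audit again.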
This discovery coincides with broader cybersecurity warnings. For instance, Cloudflare recently reported that over 5% of global emails contain malicious content, highlighting the pervasive nature of digital threats.