New Malware Targeting Crypto Users in Gaming Industry
Cybercriminals are using a new strain of malware to steal the credentials of cryptocurrency traders and investors, with gamers a particular focus. Research by the security firm Kaspersky shows that the attackers embed the malware in unofficial modifications for popular games such as Roblox and use it to capture crypto login data from unsuspecting users.
Introduction of Stealka Malware
Kaspersky has identified a previously unseen infostealer, which it calls Stealka, distributed through platforms including GitHub, SourceForge, Softpedia and sites.google.com. The malware poses as unofficial mods, cheats and cracks for Windows games and other applications; once run, it lets the operators collect login and browser data that can be used to reach the victim's digital assets.
Targeted Browsers and Extensions
Stealka concentrates on harvesting data from the popular browsers Chrome, Opera, Firefox, Edge, Yandex and Brave. It reads the settings and local storage databases of more than 100 browser extensions, among them the cryptocurrency wallet extensions of Binance, Crypto.com, MetaMask and Trust Wallet, the password managers LastPass, NordPass and 1Password, and two-factor authentication tools such as Google Authenticator, Authy and Bitwarden.
Capabilities of Stealka Malware
Kaspersky also notes that Stealka reaches beyond browser extensions: from standalone cryptocurrency wallet applications it extracts encrypted private keys, seed phrases and wallet file paths. Affected applications include MyCrypto, MyMonero, Binance and Exodus, as well as wallets for Bitcoin, Ethereum and other cryptocurrencies. Encryption of those files is only as strong as the passphrase protecting them: once an attacker holds a copy, the passphrase can be guessed offline at leisure.
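For a defender, the practical question raised by the two paragraphs above is which of the targeted stores actually exist on a given machine, so that the right secrets can be rotated after an infection. The script below is an added example, not Kaspersky's tooling or anything from the original report: it inventories a Chromium-style browser profile for watchlisted extensions and measures their local storage, and checks for standalone wallet data directories, without opening or decrypting anything. The extension IDs in the watchlist, the wallet paths under %APPDATA%, and the file names in the constructed sample tree are all assumptions for the example and should be verified before use.

```python
"""Read-only inventory of the browser-extension and wallet-app data an
infostealer like Stealka targets. Added example; assumptions are marked."""
import json
import os
import sys
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Set, Tuple

# Chrome Web Store IDs for some extensions the report names. ASSUMED for
# this example: verify each ID against the Web Store before relying on it.
WATCHLIST: Dict[str, str] = {
    "nkbihfbeogaeaoehlefnkodbefgpgknn": "MetaMask",
    "hdokiejnpimakedhajhdlcegeplioahd": "LastPass",
    "nngceckbapebfimnlniiiahkandclblb": "Bitwarden",
}
# Standalone wallet data paths relative to %APPDATA% (ASSUMED for the example).
WALLET_DIRS: Dict[str, Path] = {
    "Exodus": Path("Exodus") / "exodus.wallet",
    "Electrum": Path("Electrum") / "wallets",
}
# Per-extension leveldb stores inside a Chromium profile; this is what a stealer copies.
EXT_STORE = "Local Extension Settings"


def installed_extension_ids(profile: Path) -> Set[str]:
    """IDs registered in the profile's preference files, plus any ID that still
    owns a storage directory (data can outlive an uninstalled extension)."""
    ids: Set[str] = set()
    for pref_name in ("Preferences", "Secure Preferences"):
        pref = profile / pref_name
        if not pref.is_file():
            continue
        try:
            data = json.loads(pref.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        ids.update(data.get("extensions", {}).get("settings", {}).keys())
    base = profile / EXT_STORE
    if base.is_dir():
        ids.update(p.name for p in base.iterdir() if p.is_dir())
    return ids


def audit_profile(profile: Path) -> List[dict]:
    """Watchlisted extensions present in the profile, sorted by name, with the
    size of the local store a stealer would exfiltrate."""
    present = installed_extension_ids(profile)
    findings = []
    for ext_id, name in sorted(WATCHLIST.items(), key=lambda kv: kv[1]):
        if ext_id not in present:
            continue
        store = profile / EXT_STORE / ext_id
        size = sum(f.stat().st_size for f in store.rglob("*") if f.is_file()) if store.is_dir() else 0
        findings.append({"id": ext_id, "name": name,
                         "has_local_storage": store.is_dir(), "storage_bytes": size})
    return findings


def audit_wallet_apps(appdata: Path) -> List[dict]:
    """Standalone wallet data directories that exist under appdata."""
    findings = []
    for name, rel in sorted(WALLET_DIRS.items()):
        target = appdata / rel
        if target.is_dir():
            files = sum(1 for f in target.rglob("*") if f.is_file())
            findings.append({"name": name, "path": str(target), "files": files})
    return findings


def build_sample_layout(root: Optional[Path] = None) -> Tuple[Path, Path]:
    """Constructed fake profile and appdata tree so the audit runs offline."""
    root = root or Path(tempfile.mkdtemp(prefix="stealka-audit-"))
    profile, appdata = root / "Default", root / "Roaming"
    profile.mkdir(parents=True, exist_ok=True)
    prefs = {"extensions": {"settings": {
        "nkbihfbeogaeaoehlefnkodbefgpgknn": {"state": 1},   # MetaMask (assumed ID)
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"state": 1},   # made-up unrelated extension
    }}}
    (profile / "Preferences").write_text(json.dumps(prefs), encoding="utf-8")
    mm = profile / EXT_STORE / "nkbihfbeogaeaoehlefnkodbefgpgknn"
    mm.mkdir(parents=True, exist_ok=True)
    (mm / "000003.log").write_bytes(b"\x00" * 64)          # stand-in for a leveldb log
    bw = profile / EXT_STORE / "nngceckbapebfimnlniiiahkandclblb"
    bw.mkdir(parents=True, exist_ok=True)                   # leftover store, not in Preferences
    (bw / "MANIFEST-000001").write_bytes(b"\x00" * 16)
    exodus = appdata / WALLET_DIRS["Exodus"]
    exodus.mkdir(parents=True, exist_ok=True)
    (exodus / "seed.seco").write_bytes(b"\x00" * 32)        # constructed placeholder file
    return profile, appdata


if __name__ == "__main__":
    if len(sys.argv) > 1:        # real run: python audit.py <profile dir> [<appdata dir>]
        profile = Path(sys.argv[1])
        appdata = Path(sys.argv[2]) if len(sys.argv) > 2 else Path(os.environ.get("APPDATA", ""))
    else:                        # no arguments: demo against the constructed tree
        profile, appdata = build_sample_layout()
    for row in audit_profile(profile) + audit_wallet_apps(appdata):
        print(row)
```

Run with no arguments to see the demo on the constructed tree; on a real Windows host, point it at a profile such as `%LOCALAPPDATA%\Google\Chrome\User Data\Default`. Note that the Bitwarden entry in the demo is found only through its leftover storage directory, which is the point: the leveldb data a stealer reads can remain on disk after the extension itself is removed.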
Insights from Kaspersky’s Cybersecurity Expert
Artem Ushkov, a security expert at Kaspersky, said the malware was first detected in November by the firm's endpoint protection products for Windows. Stealka is believed to originate in Russia, and most of its targets are users there, although infections have also been recorded in Türkiye, Brazil, Germany and India.
Advisory for Users to Avoid Scammers
In light of the threat, Kaspersky advises users to stay alert to scams that deliver this malware. It recommends avoiding unofficial or pirated game modifications and running antivirus software from a trusted vendor. Users should also avoid storing sensitive information in the browser and enable two-factor authentication wherever possible, keeping their backup codes somewhere other than the browser or a plain text file. Because the stealer also copies the local data of authenticator extensions, a second factor that lives in the same browser gives less protection than one kept on a separate device.
Watchful Downloading Practices
Users should also be careful about where they download games and files, since scammers rely on the appetite for free downloads from unofficial sites. A case reported this week involved a Singaporean entrepreneur who lost his entire cryptocurrency portfolio after downloading a counterfeit game. He had come across a beta test for a game called MetaToy and, convinced it was genuine by its website and an active Discord server, downloaded the game launcher. The launcher installed malware that stole more than $14,189 worth of cryptocurrency from him.
Assessment of Stealka’s Impact
Stealka clearly enables the theft of personal information and digital assets, but the scale of the damage so far is unknown. According to Ushkov, Kaspersky has no data showing that the malware has caused substantial losses. He said: “We are not aware of the amount of crypto that has been stolen using it. Our solutions protect against this threat: all detected Stealka malware was blocked by our solutions.” That statement covers only what Kaspersky's own products observed and blocked; infections on machines without such protection would not appear in its telemetry, so the true extent of any theft remains unclear.
