Now you can lose your crypto by video gaming against criminals


Cybersecurity experts have discovered a new infostealer being distributed to video gamers, designed to steal crypto assets and harm victims in other ways.

Experts at Kaspersky have discovered that the Stealka stealer is disguised as game cracks, cheats, and mods. In addition to hijacking accounts and stealing crypto, it can also run a crypto miner on victims' devices.

According to the findings, Stealka also targets the settings and databases of browser extensions for crypto wallets, putting users of Binance, Coinbase, Crypto.com, Trust Wallet, MetaMask, Phantom, Exodus, and others at risk, in addition to password managers and 2FA services.

"Wallet configurations may contain encrypted private keys, seed-phrase data, wallet file paths, and encryption parameters. That’s enough to at least make an attempt at stealing your cryptocurrency," Kaspersky warned.


The malware is distributed via platforms such as GitHub, SourceForge, Softpedia, and sites.google.com, among others. Potential victims must manually run the file to activate the malware.

Security experts have already found malware designed for Roblox players, while also noting that the same method is being used for Microsoft Visio, a diagramming and vector graphics application.

For example, in the case of Roblox, the malware is disguised as "a blazing-fast, keyless script executor built specifically for Roblox players on PC."


According to Kaspersky, attackers sometimes create entire fake websites that appear quite professional. In other cases, however, the criminals put up strange-looking sites that are easier to spot as potentially dangerous.

"<...> the attackers are offering a download for Half-Life 3, while at the same time claiming it’s not actually a game but some kind of 'professional software solution designed for Windows,'" the cybersecurity company said, adding that the attackers use popular search terms to lure users into downloading the same malware, while also pretending that it's been scanned by antivirus engines.


The experts warned that this malware endangers more than a hundred browsers where users store their sensitive autofill information, such as credentials, addresses, and payment card details, which can be used to hijack various accounts.

Furthermore, access to cookies and session tokens can enable criminals to bypass two-factor authentication and hijack accounts without requiring the password.

