Kaspersky: Stealka infostealer targets MetaMask, Coinbase and over 80 wallets via fake game mods
Kaspersky has found a new infostealer called Stealka that spreads through fake game cheats, mods and pirated software hosted on trusted developer portals (GitHub, SourceForge, Softpedia, Google Sites). The malware requires the victim to manually download and run malicious installers bundled with fake mods and cracked apps. Once it runs on Windows, Stealka collects browser data, saved passwords and crypto wallet artifacts. It targets over 100 Chromium- and Gecko-based browsers (Chrome, Firefox, Edge, Brave, Opera) and more than 80 crypto wallets and extensions, including MetaMask, Coinbase Wallet, Binance Wallet, Phantom and Trust Wallet. It exfiltrates private keys, seed phrases, wallet file paths and extension data (the Kaspersky report says it targets 115+ wallet, password manager and 2FA extensions), plus credentials and data from messaging apps (Discord, Telegram), email clients (Outlook, Thunderbird), VPNs (ProtonVPN, Surfshark) and note apps. Some bundles also deploy cryptominers, which can cause performance and resource risks. Telemetry shows that detections started in Russia, with cases in Turkey, Brazil, Germany and India. Kaspersky's advice for crypto users: do not use pirated or unofficial downloads or game cheat sites; get mods only from verified creators; check file checksums or digital signatures; keep Windows and apps patched; run reputable antivirus/EDR; use dedicated password managers and turn on two-factor authentication; and for seed phrases and private keys, use hardware wallets or keep them fully offline. For traders, compromised keys and saved wallet data can lead to immediate asset theft and account takeover, and can accelerate social-engineering spread through infected contacts, so careful download habits and hardware wallets are important for reducing short-term loss risk and long-term account security exposure.
Bearish
Stealka directly targets browser wallet extensions and local wallet data, exposing private keys and seed phrases. This creates an immediate path to stealing crypto assets: once keys are out, attackers usually transfer funds on-chain quickly, with little chance of recovery. The short-term market impact on the specific tokens held in compromised wallets is negative for affected holders (forced sell-offs or direct transfers), increasing sell pressure and loss events for individual assets. The malware does not change protocol fundamentals, so long-term market sentiment for major tokens (e.g., ETH, BTC) is unlikely to shift materially; instead, the main effects are increased security costs, higher demand for hardware wallets and custodial services, and possible reputational damage for browser wallet providers. Traders should treat this as a short-term bearish catalyst for assets held by compromised users and as a structural reminder to reduce exposure from hot wallets: use hardware wallets, tighten OPSEC and avoid risky downloads to limit immediate asset loss.