Video Game Mods Fuel Spread of New Stealka Crypto Infostealer, Kaspersky Warns

Cybersecurity researchers at Kaspersky have issued a warning about a newly identified crypto-focused malware dubbed “Stealka,” which is being spread through malicious video game mods. The campaign highlights growing security risks at the intersection of gaming communities and cryptocurrency usage, where attackers are exploiting trust and informal distribution channels to steal sensitive data.

According to Kaspersky, Stealka is a type of information-stealing malware designed to harvest credentials, browser data, and cryptocurrency-related information from infected systems. The malware is being distributed by disguising it as game modifications, or “mods,” which are commonly used by gamers to customize gameplay, add features, or enhance graphics. Because mods are often downloaded from third-party forums, file-sharing sites, or community platforms, they present an attractive vector for cybercriminals.

Researchers say Stealka primarily targets crypto wallets, browser extensions linked to digital assets, and stored authentication data that could give attackers access to funds. Once installed, the malware runs silently in the background, collecting information such as private keys, seed phrases, saved passwords, cookies, and autofill data. This information can then be used to drain wallets or compromise exchange accounts without the victim’s immediate knowledge.

Kaspersky noted that the attackers appear to be focusing on popular PC games with active modding communities. By embedding malicious code into seemingly legitimate mod files, threat actors increase the likelihood that users will bypass security warnings and antivirus checks, especially when mods are promoted as exclusive or newly released content.

The Stealka campaign reflects a broader trend in cybercrime where attackers increasingly target crypto users through indirect channels rather than phishing emails alone. Gaming communities are particularly vulnerable due to their reliance on unofficial downloads and the high level of trust between mod creators and users. Many gamers who hold cryptocurrencies may also reuse the same devices for gaming, trading, and wallet management, creating a single point of failure.

Kaspersky researchers said the malware is modular, allowing attackers to update or expand its capabilities over time. In addition to crypto theft, Stealka can collect system information and monitor user activity, potentially enabling follow-up attacks or resale of stolen data on underground markets. This flexibility makes the malware especially dangerous, as it can adapt to different targets and environments.

The discovery comes amid a rise in malware campaigns aimed at crypto assets as market activity increases. Security firms have repeatedly warned that infostealers remain one of the most effective tools for attackers because they exploit poor digital hygiene rather than technical vulnerabilities in blockchain networks themselves.

Kaspersky urged gamers and crypto users to exercise caution when downloading mods, recommending that files be sourced only from reputable platforms with active moderation. The company also advised users to avoid storing wallet seed phrases or private keys in browsers or plain text files, and to use hardware wallets where possible for added security.

The firm emphasized the importance of updated antivirus software capable of detecting new and evolving threats, as well as basic practices such as scanning downloads before installation and monitoring systems for unusual behavior.

As gaming and crypto continue to overlap, experts warn that attackers will keep exploiting social and cultural trends to distribute malware. The Stealka campaign serves as a reminder that even entertainment-focused downloads can carry serious financial risks, particularly in an ecosystem where a single compromised device can lead to irreversible crypto losses.