coinrifft (OP)
Member
Offline
Activity: 84
Merit: 25
Learning the process...
January 08, 2026, 10:49:54 AM Last edit: January 08, 2026, 11:04:25 AM by coinrifft
There is a new stealer that has been discovered in recent months by Kaspersky. It targets locally installed apps and crypto wallets. Here is a sample of how this Stealka stealer spreads. So in this example, this uses Roblox, one of the most well-known games, and uses SourceForge to spread it. Or they will go one step further to create a website to attract unsuspecting victims to download it. And what makes it very dangerous is that its target is data from browsers like Chrome, Firefox, Opera, Yandex Browser, Edge, Brave, as well as many, many others. And they go even another step, as Stealka also targets the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA services. Here are some of the most popular extensions now at risk:
- Crypto wallets: Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Exodus
- Two-factor authentication: Authy, Google Authenticator, Bitwarden
- Password management: 1Password, Bitwarden, LastPass, KeePassXC, NordPass
In the final stage, the stealer gathers local configuration data, user account details, and service files from various installed applications.
- Crypto wallets. Wallet configurations may contain encrypted private keys, seed-phrase data, wallet file paths, and encryption parameters. That’s enough to at least make an attempt at stealing your cryptocurrency. At risk are 80 wallet applications, including Binance, Bitcoin, BitcoinABC, Dogecoin, Ethereum, Exodus, Mincoin, MyCrypto, MyMonero, Monero, Nexus, Novacoin, Solar, and many others.
- Messaging apps. Messaging app service files store account data, device identifiers, authentication tokens, and the encryption parameters for your conversations. In theory, a malicious actor could gain access to your account and read your chats. At risk are Discord, Telegram, Unigram, Pidgin, Tox, and others.
- Password managers. Even if the passwords themselves are encrypted, the configuration files often contain information that makes cracking the vault significantly easier: encryption parameters, synchronization tokens, and details about the vault version and structure. At risk are 1Password, Authy, Bitwarden, KeePass, LastPass, and NordPass.
- Email clients. These are where your account credentials, mail server connection settings, authentication tokens, and local copies of your emails can be found. With access to your email, an attacker will almost certainly attempt to reset passwords for your other services. At risk are Gmail Notifier Pro, Claws, Mailbird, Outlook, Postbox, The Bat!, Thunderbird, and TrulyMail.
- Note-taking apps. Instead of shopping lists or late-night poetry, some users store information in their notes that has no business being there, like seed phrases or passwords. At risk are NoteFly, Notezilla, SimpleStickyNotes, and Microsoft StickyNotes.
- Gaming services and clients. The local files of gaming platforms and launchers store account data, linked service information, and authentication tokens. At risk are Steam, Roblox, Intent Launcher, Lunar Client, TLauncher, Feather Client, Meteor Client, Impact Client, Badlion Client, and WinAuth for battle.net.
- VPN clients. By gaining access to configuration files, attackers can hijack the victim’s VPN account to mask their own malicious activities. At risk are AzireVPN, OpenVPN, ProtonVPN, Surfshark, and WindscribeVPN.
So this is just a warning for the crypto community, especially those who are in the gaming industry, not to download and trust everything you see. Might be better to update your OS or download from real sites, but you have to verify everything first. https://www.kaspersky.com/blog/windows-stealer-stealka/55058/
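A defensive follow-up to the at-risk extension list in the post above, added here as an example and not part of the post or of Kaspersky's report: a Python script that inventories the extensions installed in a Chromium-family profile (Chrome, Edge, Brave) and flags the ones whose names match the wallet, 2FA and password-manager extensions the post names, so a user who ran an untrusted download knows which vaults or wallets a stealer could have reached. It assumes the standard Chromium on-disk layout `<profile>/Extensions/<id>/<version>/manifest.json` and the `__MSG_key__` localisation convention for extension names; the sample profile it builds, with its fake extension IDs, is constructed for the demonstration, and the match list is only the names quoted in the post, not the stealer's full set of 115 extensions.

```python
"""Exposure inventory: which of the extensions named in the post are installed?"""
import json
import os
import re
import sys
import tempfile
from pathlib import Path

# Names as quoted in the post (wallets, 2FA, password managers); not the stealer's full list.
AT_RISK_EXTENSIONS = [
    "Binance", "Coinbase", "Crypto.com", "SafePal", "Trust Wallet", "MetaMask",
    "Ton", "Phantom", "Exodus",
    "Authy", "Google Authenticator", "Bitwarden",
    "1Password", "LastPass", "KeePassXC", "NordPass",
]
# Whole-word, case-insensitive matching so that "Ton" does not flag "Button".
_PATTERNS = [(n, re.compile(r"\b" + re.escape(n) + r"\b", re.IGNORECASE))
             for n in AT_RISK_EXTENSIONS]


def classify(extension_name):
    """Return the at-risk name an extension's display name matches, or None."""
    for name, pattern in _PATTERNS:
        if pattern.search(extension_name):
            return name
    return None


def resolve_name(version_dir, manifest):
    """Resolve '__MSG_key__' names via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    match = re.fullmatch(r"__MSG_(\w+)__", name)
    if not match:
        return name
    locale = manifest.get("default_locale", "en")
    msg_file = Path(version_dir) / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(msg_file.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return name  # unresolvable; keep the placeholder so the row still appears
    key = match.group(1).lower()  # Chromium treats message keys case-insensitively
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return v.get("message", name)
    return name


def inventory_profile(profile_dir):
    """List every extension in one profile with its at-risk classification."""
    rows = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return rows
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest_file = version_dir / "manifest.json"
            if not manifest_file.is_file():
                continue
            try:
                manifest = json.loads(manifest_file.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # corrupt or half-written manifest; skip rather than crash
            name = resolve_name(version_dir, manifest)
            rows.append({"id": ext_dir.name, "version": version_dir.name,
                         "name": name, "at_risk": classify(name)})
    return rows


def default_user_data_dirs():
    """Conventional Chromium-family user-data locations on each platform (assumed)."""
    home = Path.home()
    if sys.platform.startswith("win"):
        base = Path(os.environ.get("LOCALAPPDATA", home / "AppData" / "Local"))
        return [base / "Google" / "Chrome" / "User Data",
                base / "Microsoft" / "Edge" / "User Data",
                base / "BraveSoftware" / "Brave-Browser" / "User Data"]
    if sys.platform == "darwin":
        base = home / "Library" / "Application Support"
        return [base / "Google" / "Chrome", base / "Microsoft Edge",
                base / "BraveSoftware" / "Brave-Browser"]
    return [home / ".config" / "google-chrome", home / ".config" / "microsoft-edge",
            home / ".config" / "BraveSoftware" / "Brave-Browser"]


def build_sample_profile(root=None):
    """Constructed sample profile: one localized wallet extension, one unrelated one."""
    root = Path(root) if root else Path(tempfile.mkdtemp(prefix="sample-profile-"))
    wallet = root / "Extensions" / ("a" * 32) / "1.0_0"      # fake extension id
    (wallet / "_locales" / "en").mkdir(parents=True, exist_ok=True)
    (wallet / "manifest.json").write_text(json.dumps(
        {"name": "__MSG_appName__", "default_locale": "en", "version": "1.0"}))
    (wallet / "_locales" / "en" / "messages.json").write_text(json.dumps(
        {"appName": {"message": "MetaMask"}}))
    other = root / "Extensions" / ("b" * 32) / "2.0_0"       # fake extension id
    other.mkdir(parents=True, exist_ok=True)
    (other / "manifest.json").write_text(json.dumps({"name": "Some Tab Manager", "version": "2.0"}))
    return root


def report(profile_dir):
    for row in inventory_profile(profile_dir):
        flag = f"AT RISK ({row['at_risk']})" if row["at_risk"] else "-"
        print(f"{row['id']}  {row['version']:<10} {row['name']:<30} {flag}")


if __name__ == "__main__":
    print("# constructed sample profile")
    report(build_sample_profile())
    for user_data in default_user_data_dirs():
        if user_data.is_dir():
            for profile in sorted(p for p in user_data.iterdir() if (p / "Extensions").is_dir()):
                print(f"# {profile}")
                report(profile)
```

Run it with no arguments: it first prints the constructed sample, then every real Chromium-family profile it finds on the machine. A flagged row does not mean the extension's data has been taken; it tells you which wallet, authenticator or vault would be exposed if the machine were compromised, which is the list to rotate, migrate or re-secure after running anything you did not verify.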