Security researchers at CyberArk have uncovered a large-scale campaign that uses game cheats as bait to deliver StealC, an information-stealing malware, to gamers. The operation has so far brought in more than $135,000 for its organizers, who pair the stealer with further cybercrime and cryptocurrency-theft tooling. What most concerned the researchers was the campaign's pervasive use of SVG files as the delivery vehicle.
The campaign targets gamers actively searching for cheats and exploits, turning that search behaviour into the infection channel. The operators take advantage of StealC's loader capability to install further malware on compromised machines; the most notable follow-on payload is a cryptocurrency stealer built to drain victims' wallets.
Extensive Use of SVG Files
CyberArk's analysis identified 523 SVG files tied to the campaign, used as the delivery stage for StealC and its follow-on payloads. The oldest sample dates to August 14th, 2025, so the operation has been running for months rather than days. SVG is an XML format that browsers render as an image, and a file can carry script and embedded data alongside its drawing instructions, which is what makes it usable as a smuggling container.
Analysis of the samples on VirusTotal shows that the earliest versions of these SVG files were around 25 MB and that file size fell steadily over the course of the campaign. The shrinking files indicate that the attackers kept refining their delivery payloads to stay effective.
“Looking deeper, we saw that the earliest samples were larger, around 25 MB, and the size decreased over time, suggesting the attackers were evolving their payloads,” – VirusTotal
The changes in file size and delivery method show that the operators understand which security controls they need to work around, and each refinement raises the likelihood that a user who opens one of these files ends up infected.
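The practical check a defender wants here is a way to triage SVG files before they reach users. The script below is an added example for this article, not CyberArk's or VirusTotal's tooling. It assumes the common abuse pattern for SVG: the file is XML that browsers render, `<script>` elements and `on*` event handlers inside it are executed, and an attacker can pair that script with a large base64 blob that gets decoded and handed to the next stage. The `triage_svg` helper, its thresholds and the two sample files are constructed for the demo; the page does not describe the internals of the campaign's actual SVGs.

```python
import base64
import re
import xml.etree.ElementTree as ET  # for untrusted input at scale, prefer defusedxml.ElementTree

# Thresholds are this example's assumptions, not figures from the article.
B64_BLOB_RE = re.compile(r"[A-Za-z0-9+/]{4096,}={0,2}")  # a long base64-looking run
SIZE_WARN_BYTES = 1024 * 1024                             # a 1 MB vector drawing is unusual
ACTIVE_CONTENT = ("script element", "event handler", "javascript: href")


def _local(name: str) -> str:
    """Drop the XML namespace, e.g. '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def triage_svg(data: bytes) -> dict:
    """Return {'verdict': ..., 'findings': [...]} for the bytes of one SVG file."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return {"verdict": "malformed", "findings": [f"xml parse error: {exc}"]}

    if len(data) > SIZE_WARN_BYTES:
        findings.append(f"oversized: {len(data)} bytes")

    for el in root.iter():
        if not isinstance(el.tag, str):      # skip comments / processing instructions
            continue
        tag = _local(el.tag)
        if tag == "script":
            findings.append("script element")
        elif tag == "foreignobject":
            findings.append("foreignObject (can embed arbitrary HTML)")
        for attr, value in el.attrib.items():
            name = _local(attr)
            v = value.strip().lower()
            if name.startswith("on"):        # onload=, onclick=, onerror=, ...
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and v.startswith("javascript:"):
                findings.append(f"javascript: href on <{tag}>")
            elif name == "href" and v.startswith("data:"):
                findings.append(f"data: URI on <{tag}>")

    # Look for a smuggled payload: a long base64 run, worse if it decodes to a PE (MZ) header.
    text = data.decode("utf-8", errors="replace")
    for match in B64_BLOB_RE.finditer(text):
        blob = match.group(0)
        note = f"base64-like blob of {len(blob)} chars"
        try:
            if base64.b64decode(blob[:64])[:2] == b"MZ":
                note += ", decodes to a PE (MZ) header"
        except ValueError:
            pass
        findings.append(note)

    has_active = any(f.startswith(ACTIVE_CONTENT) for f in findings)
    has_blob = any(f.startswith("base64") for f in findings)
    if has_active and has_blob:
        verdict = "likely dropper"
    elif findings:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "findings": findings}


# Constructed samples for the demo; neither is a real campaign file.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
<rect width="10" height="10" fill="#09f"/></svg>"""

_FAKE_PE = base64.b64encode(b"MZ" + b"\x00" * 4000).decode()  # PE magic plus padding stands in for a payload
DROPPER_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="run()">
<image xlink:href="data:application/octet-stream;base64,{_FAKE_PE}" width="1" height="1"/>
<script><![CDATA[
function run() {{ /* decode the blob above and hand it to the next stage */ }}
]]></script></svg>""".encode()


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("dropper", DROPPER_SVG)):
        result = triage_svg(sample)
        print(f"{label}: {result['verdict']}")
        for finding in result["findings"]:
            print("  -", finding)
```

Static checks like these are a first filter, not a verdict: a real pipeline would also render suspect files in a sandboxed browser and strip or quarantine anything with active content. The size and blob checks are also the kind of measurement that makes a trend such as the drop from 25 MB visible across a sample set.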
Impact on Cryptocurrency Security
StealC is a threat not only to gamers but to anyone holding cryptocurrency on an infected machine. The cryptocurrency stealer it loads targets wallets on the compromised system and drains their holdings soon after infection. As more people hold or transact in cryptocurrency, the cost of an infostealer infection rises accordingly.
The campaign is still active and is a reminder not to drop one's guard, particularly for people who play online games or trade cryptocurrency. The attackers' focus on gamers is a deliberate choice: someone hunting for a cheat or hack is already prepared to run software from an untrusted source.
Evolving Threat Landscape
A parallel example comes from macOS. Security measures introduced with macOS Sequoia, notably stricter Gatekeeper enforcement, block the traditional disk-image route for installing malware, and as many security professionals have noted, threat actors adjusted their tactics quickly.
“While macOS Sequoia’s enhanced Gatekeeper protections successfully blocked traditional .dmg-based infections, threat actors quickly pivoted to terminal-based installation methods that proved more effective in bypassing security controls,” – Trend Micro
This adaptation highlights the constant cat-and-mouse dynamic in cybersecurity, where attackers continually evolve their techniques to exploit vulnerabilities in user behavior and system protections.
Threats keep changing, and attackers are often a step ahead of the defences users rely on. The practical takeaway is simple: treat cheats, cracks and other software offered outside official channels as untrusted, and remember that a file presented as an image, such as an SVG, can carry executable content. That awareness goes a long way towards not becoming a victim of these increasingly sophisticated schemes.