Gamers, get ready: scammers disguise cryptocurrency and password-stealing Scavenger trojans as cheats and mods
ID: ebae3956-278d-5714-b0e2-f82d9516aede
STIX ID: report--ebae3956-278d-5714-b0e2-f82d9516aede
Feed Name: Dr.Web News
Doctor Web researchers describe Trojan.Scavenger, a multi-stage Windows malware family distributed via fake game patches and plugins. It exploits DLL Search Order Hijacking to load malicious DLLs into Chromium-based browsers and crypto wallet applications. The malware disables sandboxing and extension verification, modifies/serves tampered extensions from ServiceWorkerCache, hooks V8 and file APIs to harvest mnemonic phrases, private keys, cookies and passwords, and exfiltrates these to C2 servers. Doctor Web added protections and published IOCs.
