December 22, 2025 ChainGPT

Stealka malware targets crypto wallets and browser extensions through fake game cheats, Kaspersky warns

A new Windows infostealer called “Stealka” is targeting crypto wallets and browser extensions by posing as game cheats and mods, cybersecurity firm Kaspersky warns. Kaspersky revealed Thursday that it uncovered Stealka — first detected in November — which attackers have used to hijack accounts, steal cryptocurrency and even install crypto miners.

To lure victims, operators disguise the malware as popular game cracks, cheats and mods (notably for Roblox) and as software cracks for legitimate apps like Microsoft Visio. The malicious installers have been distributed via legitimate hosting services, including GitHub, SourceForge and Google Sites, and Kaspersky says some campaigns go further by spinning up convincing fake websites — possibly built with AI tools — to look “quite professional,” researcher Artem Ushkov noted.

Why crypto users should be alarmed

Stealka’s most dangerous capability is its focus on data from Chromium- and Gecko-based browsers — more than 100 browsers are therefore at risk, including Chrome, Firefox, Edge, Opera, Yandex and Brave. Its primary targets are autofill data (sign-in credentials, addresses and payment card details), and it also harvests the settings and databases of 115 browser extensions tied to crypto wallets, password managers and 2FA services.

Kaspersky lists roughly 80 crypto wallets among those targeted, including:

- Binance, Coinbase, Crypto.com
- SafePal, Trust Wallet, MetaMask
- Ton, Phantom, Nexus, Exodus

Beyond wallets, Stealka can collect data from messaging apps (Discord, Telegram, Unigram, Pidgin, Tox), email clients, password managers, gaming clients and even VPN applications — giving attackers many routes to compromise accounts and loot funds.

Practical protections for crypto users

Kaspersky recommends basic but crucial defenses: run reputable antivirus/endpoint protection, avoid storing passwords in browsers, and steer clear of pirated software and unofficial game mods.
For crypto holders, additional prudent steps include using hardware wallets for significant balances, keeping wallet extensions to a minimum, regularly auditing installed extensions and revoking unused permissions, and enabling strong, separate authentication methods where possible.

Context: a risky environment

The discovery arrives amid a broader escalation in online threats: Cloudflare reported last week that more than 5% of all emails globally contain malicious content, with over half of those messages carrying phishing links and about a quarter of HTML attachments flagged as malicious — underscoring how common hostile delivery vectors have become.

Bottom line: Stealka shows attackers are increasingly weaponizing everyday gaming and software communities to reach crypto users. Vigilance around downloads, extensions and where you store credentials remains essential to protect digital assets.
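The extension audit recommended under the practical protections above can be scripted. The following is an added example, not code from Kaspersky or the original article: it inventories the extensions in one Chromium-style profile and flags those that request access to every site. It assumes the usual Chromium layout `Extensions/<id>/<version>/manifest.json` (Gecko-based browsers store extensions differently and are not covered), and the two sample extensions are constructed for the demo.

```python
import json
from pathlib import Path

# Host patterns that let an extension read or change pages on every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(profile_dir):
    """Return one record per installed extension version found under
    <profile_dir>/Extensions/<extension id>/<version>/manifest.json."""
    records = []
    for manifest in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        rec = {"id": manifest.parent.parent.name, "name": None, "version": None,
               "permissions": [], "broad_hosts": [], "error": False}
        records.append(rec)
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            rec["error"] = True  # report unreadable manifests, do not skip them
            continue
        # Manifest V2 mixes host patterns into "permissions";
        # Manifest V3 lists them separately under "host_permissions".
        declared = (data.get("permissions") or []) + (data.get("host_permissions") or [])
        granted = {p for p in declared if isinstance(p, str)}
        rec["name"] = data.get("name")  # may be a "__MSG_...__" locale key
        rec["version"] = data.get("version")
        rec["permissions"] = sorted(granted)
        rec["broad_hosts"] = sorted(BROAD_HOSTS & granted)
    return records

def build_sample_profile(root):
    """Constructed sample data: two made-up extensions, not real products."""
    samples = {
        "a" * 32: {"manifest_version": 3, "name": "Sample Wallet", "version": "1.2.0",
                   "permissions": ["storage"], "host_permissions": ["<all_urls>"]},
        "b" * 32: {"manifest_version": 2, "name": "Sample Notes", "version": "0.9",
                   "permissions": ["storage", "https://notes.example/*"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / "Extensions" / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for rec in audit_extensions(build_sample_profile(tmp)):
            flag = "REVIEW" if rec["broad_hosts"] or rec["error"] else "ok"
            print(flag, rec["id"], rec["name"], rec["version"], rec["permissions"])
```

Point `audit_extensions` at a real profile directory to get the same records for installed extensions; anything flagged `REVIEW` that you do not recognize or no longer use is a candidate for removal.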