New Windows infostealer called “Stealka” is stealing crypto and browser data by hiding inside fake game mods and cracks, cybersecurity firm Kaspersky warns.

Kaspersky disclosed Thursday that it uncovered Stealka — a recently identified infostealer first seen in November — which attackers are using to hijack accounts, siphon cryptocurrency, and even deploy crypto miners on victims’ machines.

What makes Stealka particularly effective is its disguise: operators distribute it as game “cracks,” cheats and mods (notably fake Roblox mods) and as software cracks for apps like Microsoft Visio, often hosting the files on legitimate platforms such as GitHub, SourceForge and Google Sites. Kaspersky researcher Artem Ushkov also says some campaigns create professional-looking fake websites — possibly built with AI tools — to lure users into downloading the malware.

Scope and tactics

- Stealka targets data stored in Chromium- and Gecko-based browsers, putting more than 100 different browsers at risk — including Chrome, Firefox, Edge, Opera, Brave, Yandex and others.
- Its primary haul is autofill data: sign-in credentials, addresses and payment card details. Beyond this, Stealka specifically looks for the settings and databases of 115 browser extensions, focusing on crypto wallets, password managers and 2FA tools.
- Kaspersky lists roughly 80 crypto wallets in the malware’s sights, among them Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus and Exodus.
- Messaging apps (Discord, Telegram, Unigram, Pidgin, Tox), email clients, password managers, gaming clients and some VPN applications are also targeted.
- Once installed, the malware can exfiltrate credentials, drain accounts, hijack logins and install crypto miners.

Why crypto users should care

Stealka is designed to harvest exactly the artifacts that give attackers access to wallets and exchanges: saved credentials, wallet extension data and autofill payment information. For crypto holders who rely on browser extensions or keep funds accessible online, a successful infection can lead directly to theft.

Kaspersky’s defenses and practical steps

Kaspersky recommends standard hygiene: run reputable antivirus software, avoid storing passwords in browsers and don’t use pirated software or unofficial game mods. For crypto users in particular, consider these additional precautions:

- Use hardware wallets or cold storage for significant holdings rather than keeping funds in browser extensions or custodial accounts.
- Keep browser extensions to a minimum; regularly audit and remove unused extensions and check permissions.
- Use a dedicated browser profile or separate browser for crypto activity, and avoid downloading mods/cracks from untrusted sources.
- Use a reputable password manager (rather than browser-stored passwords) and enable strong, app-based 2FA where possible.
- Keep OS and software patched, verify downloads and repository authenticity, and be skeptical of “too good to be true” cracked software and game mods.

Wider context

The Stealka discovery arrives amid broader trends in email- and web-based attacks. Cloudflare recently reported that over 5% of global emails contain malicious content; more than half of those include phishing links, and roughly a quarter of HTML attachments are malicious — underscoring how common delivery vectors for malware remain.

Bottom line

Stealka is another reminder that attackers increasingly weaponize popular software distribution channels and gaming communities to reach crypto users. Protecting funds now means combining good endpoint defenses with crypto-specific best practices — hardware wallets, minimal extension use, and careful sourcing of downloads — to reduce the attack surface for infostealers like Stealka.
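The extension audit recommended in the practical steps can be scripted. The following is an added example, not code from Kaspersky or the original article: it walks a Chromium "User Data" directory, reads each installed extension's manifest.json and flags broad permissions. The BROAD shortlist, the function names and the sample extensions are assumptions constructed for illustration; Gecko-based browsers use a different layout and are not covered.

```python
import json
import tempfile
from pathlib import Path

# Broad permissions worth a second look. This shortlist is an assumption made
# for the example, not a list published by Kaspersky.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*",
         "cookies", "webRequest", "clipboardRead", "nativeMessaging", "debugger"}

def audit_extensions(user_data_dir):
    """One record per <profile>/Extensions/<id>/<version>/manifest.json found."""
    records = []
    for manifest in sorted(Path(user_data_dir).glob("*/Extensions/*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip, keep auditing
        perms = set()
        for key in ("permissions", "host_permissions", "optional_permissions"):
            perms.update(p for p in data.get(key, []) if isinstance(p, str))
        for cs in data.get("content_scripts", []):  # sites the extension can read
            perms.update(cs.get("matches", []))
        version_dir = manifest.parent
        records.append({
            "profile": version_dir.parents[2].name,
            "id": version_dir.parent.name,
            "version": data.get("version", version_dir.name),
            "name": data.get("name", "?"),  # may be a __MSG_...__ locale key
            "broad": sorted(perms & BROAD),
        })
    return records

def build_sample(root):
    """Constructed test data: two fake extensions in a 'Default' profile."""
    samples = {
        "a" * 32: {"name": "Sample Wallet", "version": "1.0", "manifest_version": 3,
                   "permissions": ["storage"], "host_permissions": ["<all_urls>"]},
        "b" * 32: {"name": "Sample Notes", "version": "2.1", "manifest_version": 3,
                   "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        d = Path(root) / "Default" / "Extensions" / ext_id / (manifest["version"] + "_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_extensions(tmp), sep="\n")
```

On Windows, Chrome's directory is `%LOCALAPPDATA%\Google\Chrome\User Data`, and most other Chromium-based browsers keep the same structure under their own vendor folder. Any extension you do not recognise, or one with a non-empty `broad` list that you no longer use, is a candidate for removal.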

