Introduction
Recent findings from the cybersecurity firm Kaspersky indicate that hackers are embedding infostealer malware within pirated modifications of games like Roblox. Their investigation has uncovered a novel type of infostealer named “Stealka”, which has appeared on various distribution services, including GitHub, SourceForge, Softpedia, and sites hosted by Google.
How Stealka Operates
Stealka masquerades as unofficial game modifications, cheats, and software patches built for Windows. Once a victim unknowingly installs it, the malware quietly harvests sensitive data from the victim's browsers, data that can then be used to steal cryptocurrency. Major browsers targeted by Stealka include:
- Chrome
- Firefox
- Opera
- Yandex Browser
- Edge
- Brave
Additionally, it targets the settings and databases associated with more than 100 browser extensions.
Targeted Applications and Data
Notably, the malware focuses on cryptocurrency wallet extensions from prominent platforms like Binance, Coinbase, and MetaMask, alongside password management tools such as 1Password and LastPass. Stealka is adept at retrieving:
- Private keys
- Seed phrases
- Wallet file directories
It extends its reach to various cryptocurrency wallets, including those for Bitcoin, Ethereum, and Dogecoin.
Broader Impact
Beyond cryptocurrencies, Stealka can compromise a range of applications, including:
- Messaging services like Discord and Telegram
- Email programs such as Outlook
- VPN services like OpenVPN and ProtonVPN
Expert Insights
Kaspersky’s cybersecurity specialist Artem Ushkov stated in an interview with Decrypt that this malicious software was first detected in November 2025 using Kaspersky’s endpoint protection services on Windows systems. He noted that the majority of victims appear to be located in Russia, although incidents related to Stealka have also been recorded in Türkiye, Brazil, Germany, and India.
Recommendations
Kaspersky’s blog emphasizes the importance of using trusted antivirus solutions and discourages the use of unofficial and pirated mods. They further recommend that users:
- Avoid storing sensitive information in browsers
- Use two-factor authentication whenever possible
- Create backup codes but refrain from keeping them in browsers or text files
Conclusion
While Stealka's ability to siphon off sensitive information, particularly cryptocurrency-related data, is concerning, Kaspersky has not yet identified any substantial losses directly tied to this malware. Ushkov confirmed,
“We do not have data on the amount of cryptocurrency stolen via this malware. Our systems have successfully blocked all instances of Stealka identified so far.”