Stealka Malware Poses as Game Mods to Target Crypto Wallets, Warns Kaspersky
The rise of digital tools has made online activities easier and more convenient, but it has also created new risks for users, particularly in the financial and cryptocurrency sectors. Security researchers at Kaspersky have identified a malware strain called Stealka that primarily targets Windows users. The software is specifically designed to attack cryptocurrency wallets and browser extensions, often masquerading as gaming modifications and cheat files to deceive users into installing it.

In brief
- Kaspersky describes Stealka as a Windows malware that targets crypto wallets and browser extensions while posing as game mods or cheat files.
- Popular crypto wallets like MetaMask, Coinbase, Binance, and Trust Wallet are at risk from this malware.
- Kaspersky recommends antivirus protection, two-factor authentication, cautious downloads, and backup codes to lower Stealka risk.

Stealka’s Operation and Distribution Tactics
According to Kaspersky, Stealka becomes active only when the user opens the file manually, after which the malware begins executing its functions. It quietly gathers sensitive information from the device and forwards it to the perpetrators’ systems, allowing attackers to access user accounts and cryptocurrency funds and to run crypto mining programs without the user’s knowledge.
The malware is commonly distributed through popular platforms, including GitHub, SourceForge, Softpedia, and sites.google.com. In more sophisticated attacks, cybercriminals create entirely fabricated websites that appear legitimate, sometimes using artificial intelligence tools to enhance their appearance. Without strong antivirus protection, ordinary users are unlikely to detect the deception. Even when downloads look suspicious, many users may still be misled into running the malware.

Stealka’s Targets and Data Theft Capabilities
Stealka is equipped with a variety of tools, but its primary focus is harvesting information from browsers built on Chromium and Gecko engines. This exposes over a hundred browsers to potential compromise, including widely used ones like Chrome, Firefox, Opera, Yandex Browser, Edge, and Brave. The malware exploits stored data such as login credentials, addresses, and payment card information, allowing attackers to gain full access to accounts and systems.
In addition, Stealka can interact with the configurations and stored data of 115 browser extensions, including those for cryptocurrency wallets, password management, and two-factor authentication. Wallets at risk include Crypto.com, SafePal, Trust Wallet, Binance, Coinbase, MetaMask, Ton, and Exodus, among others.

Precautionary Measures for Users
To defend against threats like Stealka, Kaspersky recommends several measures, including the following:
- Installing and maintaining reputable antivirus software, while noting that even files from trusted websites can be risky because cybercriminals may exploit well-known platforms.
- Exercising caution with downloads such as game hacks, mods, or unlicensed software, and avoiding storing sensitive information directly in browsers to reduce potential exposure.
- Enabling two-factor authentication, which adds an extra layer of protection and makes unauthorized access more difficult.
- Keeping backup codes for important accounts, allowing recovery if credentials are compromised, and reinforcing overall account security.

Stealka is part of a broader pattern of cyber threats that continue to grow in scale and sophistication. Cloudflare recently reported that phishing emails are a major part of email-based threats, with more than half of dangerous messages containing phishing links. In total, over 5% of emails sent worldwide carry harmful content, and about a quarter of these include malicious HTML attachments. This shows the extensive reach of cyber threats beyond individual malware campaigns and reflects the importance of proactive digital security measures.
Ifeoluwa specializes in Web3 writing and marketing, with over 5 years of experience creating insightful and strategic content. Beyond this, he trades crypto and is skilled at conducting technical, fundamental, and on-chain analyses.