New Malware Impersonates Roblox Mods to Steal Crypto Credentials

In summary

  • Cybersecurity experts at Kaspersky have discovered a new information stealer that can steal sensitive information from a wide variety of Windows-based browsers and applications.
  • Hackers are inserting the malware into unofficial mods for games like Roblox, as well as various Windows applications.
  • Kaspersky tells Decrypt that it has no data on the amount of cryptocurrency stolen through the information stealer.

Hackers are inserting data-stealing malware into hacked mods for Roblox and other games, according to research from cybersecurity company Kaspersky.

A blog post from Kaspersky reveals that it has identified a new breed of information stealer called Stealka, which it has so far found on distribution platforms such as GitHub, SourceForge, Softpedia and sites.google.com.

Disguised as unofficial mods, cheats, and cracks for Windows-based games and other applications, Stealka steals sensitive login and browser information, which its operators can use to steal cryptocurrency.

Targeted Crypto Wallets

The malware mainly targets data contained in browsers such as Chrome, Firefox, Opera, Yandex Browser, Edge, and Brave, as well as the settings and databases of more than 100 browser extensions.

Such extensions include cryptocurrency wallets from Binance, Coinbase, MetaMask, Crypto.com and Trust Wallet, as well as password managers (1Password, NordPass, LastPass) and 2FA applications (Google Authenticator, Authy, Bitwarden).

Stealka’s scope is not limited to browser extensions: it can also lift (encrypted) private keys, seed phrase data and wallet file paths from standalone cryptocurrency wallet applications.

This includes apps for Binance, Exodus, MyCrypto, and MyMonero, as well as wallet apps for Bitcoin, BitcoinABC, Dogecoin, Ethereum, Monero, Novacoin, and Solar.

Beyond cryptocurrency, Stealka can steal data and authentication tokens for messaging apps (e.g. Discord and Telegram), password management apps (e.g. 1Password, Bitwarden, LastPass), email clients (e.g. Gmail Notifier Pro, Mailbird, Outlook), note-taking apps (NoteFly, Notezilla, Microsoft StickyNotes), and VPN clients (e.g. OpenVPN, ProtonVPN, WindscribeVPN).

Speaking to Decrypt, Kaspersky cybersecurity expert Artem Ushkov explained that the new malware “was detected by Kaspersky endpoint protection solutions on Windows machines in November 2025.”

As with similar malware, Ushkov reports that most of the users Stealka targets are located in Russia.

“However, malware attacks have also been detected in other countries, including Türkiye, Brazil, Germany and India,” he added.

How to stay safe

In light of the Stealka threat, Kaspersky warns on its blog that in addition to using reputable antivirus software, users should stay away from unofficial and pirated mods.

The blog also advises against storing important information in browsers and urges users to employ two-factor authentication whenever available, while also using backup codes (but not storing them in browsers or in text documents).

While Stealka’s potential to steal information and, by extension, cryptocurrency seems intimidating, there is currently no indication that it has resulted in significant losses.

“We are not aware of the amount of cryptocurrencies that have been stolen with their use,” Ushkov said. “Our solutions protect against this threat: Our solutions blocked all detected Stealka malware.”
