Cybersecurity firm Kaspersky has discovered a new type of infostealer malware called Stealka, which is being distributed through unofficial and pirated game mods, including for Roblox. The malware has the ability to access sensitive data from Windows-based browsers, apps, and cryptocurrency wallets, raising concerns for gamers who download mods from unofficial sources.
Stealka has been detected on platforms such as GitHub, SourceForge, Softpedia, and sites.google.com, often disguised as cheats, cracks, or other game modifications. Once installed, the malware can extract login credentials, browser data, and information from over 100 browser extensions. These extensions include popular cryptocurrency wallets like MetaMask, Binance, Coinbase, Crypto.com, and Trust Wallet, as well as password managers and two-factor authentication apps such as 1Password, NordPass, LastPass, Google Authenticator, Authy, and Bitwarden.
Impact on Cryptocurrency and Wallet Security
Beyond browsers and extensions, Stealka can access encrypted private keys, seed phrases, and wallet file paths from standalone cryptocurrency wallet applications. Affected wallets include those from Binance, Exodus, MyCrypto, MyMonero, and wallets for Bitcoin, Dogecoin, Ethereum, Monero, Novacoin, and Solar. This allows attackers to potentially gain control over digital assets stored in these wallets.
Kaspersky notes that the malware does not only target crypto assets. It is also capable of stealing authentication tokens and credentials for messaging platforms like Discord and Telegram, email clients including Outlook and Mailbird, note-taking applications such as NoteFly and Notezilla, and VPN clients like OpenVPN, ProtonVPN, and WindscribeVPN.
Geographic Reach and Detection
According to Kaspersky cybersecurity expert Artem Ushkov, Stealka was first detected in November 2025 on Windows devices. Most affected users are reportedly based in Russia, although infections have also been observed in Türkiye, Brazil, Germany, and India. While the malware’s ability to access crypto wallets is concerning, Kaspersky states that there is no confirmed evidence of significant theft, as all detected Stealka instances were blocked by its security solutions.
How Gamers Can Stay Protected
Kaspersky advises players to avoid downloading unofficial or pirated mods and to rely on reputable antivirus software. Users should avoid storing important credentials in browsers and use two-factor authentication where possible, keeping backup codes stored securely rather than saved in browsers or text files. These steps can help reduce the risk of falling victim to infostealer malware like Stealka.
Frequently Asked Questions (FAQs)
What is Stealka malware?
Stealka is an infostealer malware that targets Windows devices, primarily distributed through pirated or unofficial game mods. It can access login credentials, browser data, and cryptocurrency wallets.
Which games are affected by Stealka?
So far, Stealka has been found in unofficial mods for Roblox and other Windows-based games. Users should be cautious about downloading mods from unverified sources.
Can Stealka steal cryptocurrency?
Yes. The malware can access browser extensions and standalone wallets to retrieve private keys, seed phrases, and wallet file paths, potentially putting crypto assets at risk.
How widespread is Stealka?
Most infections have been reported in Russia, with additional cases detected in Türkiye, Brazil, Germany, and India.
How can players protect themselves?
Avoid pirated mods, use trusted antivirus software, enable two-factor authentication, and do not store sensitive information in browsers or unsecured files.




