Cybersecurity researchers at Kaspersky have discovered a dangerous new malware called Stealka that disguises itself as popular video game modifications and pirated software.
The malware has been found on trusted platforms like GitHub, SourceForge, and Google Sites, making it particularly dangerous because users believe they’re downloading from legitimate sources. Kaspersky researcher Artem Ushkov led the investigation and warned that attackers are creating professional-looking fake websites to distribute the malware.
How Stealka Spreads
Stealka primarily spreads through fake game mods and cheats, especially for popular titles like Roblox and Grand Theft Auto V. Attackers also hide the malware in cracked versions of software like Microsoft Visio.
According to Kaspersky’s research, cybercriminals are becoming more sophisticated in their approach. Some attackers create entire fake websites that appear highly professional, possibly using artificial intelligence tools to make them look trustworthy. These sites even display fake antivirus scanning results to trick users into thinking the files are safe.
The malware files are simply bait that use popular search terms to attract downloads. The actual content inside these files has nothing to do with what’s advertised—it’s always the same infostealer regardless of what game or software it claims to be.
Attackers also use compromised accounts on legitimate gaming mod websites to spread the malware. This creates a dangerous cycle where stolen credentials become tools for additional infections.
What Stealka Can Steal
Stealka has extensive capabilities that make it extremely dangerous for cryptocurrency holders. The malware targets data from over 100 different web browsers built on Chromium and Gecko engines, including Chrome, Firefox, Opera, Edge, Brave, and Yandex Browser.
The primary targets include autofill data such as login credentials, home addresses, and payment card details. But the real danger lies in its focus on cryptocurrency assets.
Stealka can access the settings and databases of 115 browser extensions used for crypto wallets, password managers, and two-factor authentication services. Among the 80 cryptocurrency wallets at risk are major platforms including:
- Binance
- Coinbase
- Crypto.com
- SafePal
- Trust Wallet
- MetaMask
- Phantom
- Exodus
The malware also targets standalone wallet applications, extracting encrypted private keys, seed phrase data, wallet file paths, and encryption parameters. This information could potentially allow attackers to drain cryptocurrency wallets completely.
Beyond crypto wallets, Stealka compromises messaging applications like Discord and Telegram, email clients including Outlook and Mailbird, VPN services, password managers, and gaming platforms. The malware even takes screenshots and collects general system information.
Who’s Being Targeted
Most confirmed victims are located in Russia, where the malware appears to be primarily based. However, infections have also been detected in Turkey, Brazil, Germany, and India, showing that the threat is spreading globally.
The malware specifically targets people who download unofficial game mods, pirated software, and cheats from unverified sources. Gamers looking for free enhancements to their favorite games are prime targets.
Financial Damage Remains Unknown
While Stealka has significant capabilities to cause financial harm, Kaspersky reports that all known infection attempts observed by their systems have been blocked by their security products. There is currently no confirmed evidence of large-scale cryptocurrency theft directly attributed to this campaign.
Artem Ushkov stated that the company is “not aware of the amount of crypto that has been stolen using it,” noting that their solutions successfully blocked all detected instances of the malware. However, this doesn’t mean the threat is negligible. Undetected infections may still exist on systems without adequate protection, especially where users download cracked tools or suspicious mods from unofficial sources.
Connection to Similar Threats
Stealka’s behavior closely resembles another malware called ModStealer that was discovered in September 2025. ModStealer also targeted cryptocurrency wallets across multiple operating systems and evaded antivirus detection for nearly a month.
This pattern suggests that malware-as-a-service operations are becoming more common, where cybercriminals sell ready-made malware tools to affiliates with minimal technical skills.
How to Protect Yourself
Kaspersky recommends several critical steps to protect against Stealka and similar threats:
- Avoid pirated content: Stay away from unofficial game mods, cheats, and pirated software. The false savings from cracked software aren’t worth the risk of losing all your cryptocurrency.
- Use security software: Install reliable antivirus software with real-time protection. Even files downloaded from legitimate websites can be compromised.
- Don’t store sensitive data in browsers: Avoid saving passwords, payment card details, and other confidential information directly in your browser. Use dedicated password managers that are immune to these types of exploits.
- Enable two-factor authentication: Set up 2FA on all accounts and use backup codes. Store these codes securely—never in text documents, notes, or your browser.
- Download from official sources only: Only download software and game modifications from verified, official sources. Be extremely cautious about which browser extensions you install.
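To act on the advice about not storing sensitive data in browsers, it helps to know how much a profile currently holds. The following is an added example, not code from Kaspersky or from this article: it counts saved logins, payment cards and autofill entries in a Chromium profile without reading any secret values. The table names follow Chromium's profile database schema, the sample profile is constructed, and Gecko-based browsers are not covered.

```python
import shutil
import sqlite3
import tempfile
from pathlib import Path

# Chromium profile files and the tables that hold saved data.
STORES = {
    "Login Data": {"saved_logins": "logins"},
    "Web Data": {"saved_cards": "credit_cards", "autofill_entries": "autofill"},
}

def count_rows(db_path, table):
    """Count rows in one table, working on a read-only copy; 0 if unreadable."""
    with tempfile.TemporaryDirectory() as tmp:
        copy = Path(tmp) / "copy.db"
        shutil.copy2(db_path, copy)  # a running browser keeps the original locked
        con = sqlite3.connect(copy.as_uri() + "?mode=ro", uri=True)
        try:
            # table names come only from STORES above, never from user input
            return con.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
        except sqlite3.Error:
            return 0
        finally:
            con.close()

def audit_profile(profile_dir):
    """Return {label: row count} for one profile directory."""
    counts = {}
    for filename, tables in STORES.items():
        db = Path(profile_dir) / filename
        for label, table in tables.items():
            counts[label] = count_rows(db, table) if db.is_file() else 0
    return counts

def make_sample_profile(root):
    """Constructed sample profile using a minimal subset of the schema."""
    profile = Path(root) / "Default"
    profile.mkdir(parents=True)
    samples = {
        "Login Data": "CREATE TABLE logins (origin_url TEXT, username_value TEXT);"
                      "INSERT INTO logins VALUES ('https://exchange.example', 'alice');"
                      "INSERT INTO logins VALUES ('https://mail.example', 'alice');",
        "Web Data": "CREATE TABLE credit_cards (guid TEXT); CREATE TABLE autofill (name TEXT);"
                    "INSERT INTO credit_cards VALUES ('constructed-guid');",
    }
    for filename, script in samples.items():
        con = sqlite3.connect(profile / filename)
        con.executescript(script)
        con.close()
    return profile
```

For a real check, pass `audit_profile` the profile directory shown as "Profile Path" on the browser's `chrome://version` page; any non-zero count is data to move out of the browser and delete from it.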
The Bigger Picture
The emergence of Stealka highlights a growing intersection between gaming and cryptocurrency vulnerabilities. Cybercriminals are exploiting gamers’ desire for free content to create gateways for financial crimes.
According to recent reports, malicious recruitment campaigns using fake job offers have also become common delivery methods for similar malware. The cryptocurrency sector faces an escalating arms race in security as these threats continue to evolve.
With Stealka demonstrating how easily malware can spread through trusted platforms and evade detection, users must remain vigilant. The threat serves as a reminder that if something seems too good to be true—like a free mod or cracked software—it probably is.
Stay Alert, Stay Safe
Stealka represents a serious threat to cryptocurrency holders who download unofficial game content. While no major thefts have been confirmed yet, the malware’s capabilities could lead to significant financial losses for those without proper protection. By avoiding pirated software, using security tools, and following best practices for crypto security, users can significantly reduce their risk of falling victim to this and similar threats.
