Security firm Kaspersky is sounding the alarm on a new Windows infostealer called “Stealka” that’s being disguised as game mods and cracked software — a direct threat to gamers and crypto users alike. What it does - Identified in November 2025, Stealka arrives in seemingly harmless download packages: cheats, mods and cracked apps for popular titles and utilities. - Once executed, it scrapes browser data, saved passwords and crypto wallet information. Kaspersky says the malware targets more than 115 browser extensions — including wallet, password manager and two-factor apps. Extensions for MetaMask, Binance Wallet, Coinbase and other major wallets are among those at risk. - Stealka can expose private keys, seed phrases, wallet file paths, stored payment cards and autofill entries. Stolen credentials let attackers take over accounts and spread malicious links to victims’ contacts. How it’s spread - The campaign uses convincing landing pages and fake packages uploaded to developer portals and file hosts that users commonly trust — GitHub, SourceForge, Softpedia and even Google Sites. - Examples spotted by researchers include a fake Roblox mod and a cracked copy of Microsoft Visio. Kaspersky notes the attackers may use automated tooling to produce professional-looking pages that trick users into downloading installers. - Delivery varies: some bundles contain only the infostealer, while others also include cryptominer code so infected machines mine cryptocurrency for the attackers. Where it’s been seen - Kaspersky telemetry shows initial detections in Russia, with subsequent infections reported in Turkey, Brazil, Germany and India. Why this matters to crypto holders - Stealka’s focus on wallet extensions and browser-stored keys means seed phrases and private keys can be exposed directly on an infected machine — the fastest route to losing funds. - Hosting on trusted platforms and polished landing pages increase the chance that even cautious users will be fooled. Practical protections (recommended) - Avoid unofficial, pirated software and only download mods from verified creators or official stores. - Use a reputable, up-to-date antivirus and keep Windows and all apps patched. - Prefer a dedicated password manager over saving credentials in the browser. - Enable two-factor authentication on crypto accounts where available. - Verify downloads: check checksums or digital signatures against developer-published values before running installers. Kaspersky’s findings underscore a simple but critical point for the crypto community: social engineering + trusted distribution channels can bypass casual defenses. Stay skeptical of “too good to be true” downloads, and treat game mods and cracked utilities as potential attack vectors. Sources: Kaspersky (featured image), trading data chart from TradingView. Read more AI-generated news on: undefined/news