- Stealka malware targets over 100 browsers and 80 cryptocurrency wallets.
- The malware spreads through fake game mods and pirated software on trusted platforms.
- Strong antivirus, two-factor authentication, and cautious downloading can prevent infections.
According to the report, cybersecurity experts have identified a sophisticated malware named Stealka that endangers cryptocurrency users. First spotted in November 2025, the malware spreads through seemingly legitimate sources. It disguises itself as game modifications, cheats, and pirated software.
Platforms like GitHub, SourceForge, and Google Sites are being exploited for distribution. Stealka appears as popular game modifications for Roblox and Grand Theft Auto V, as well as cracked versions of widely used software like Microsoft Visio.
Attackers have built professional-looking websites to make downloads appear authentic. Users without strong security tools may find it difficult to spot these threats. Stealka primarily targets browsers built on Chromium and Gecko engines.
Attacks 80 Crypto Wallets Including Binance and MetaMask
This puts more than 100 browsers at risk, including Chrome, Firefox, Opera, Edge, Brave, and Yandex. The malware extracts autofill data such as sign-in credentials, addresses, and payment card details. It also focuses on browser extensions linked to crypto wallets, password managers, and two-factor authentication tools.
The malware targets 80 cryptocurrency wallets, including major platforms like Binance, Coinbase, MetaMask, Crypto.com, SafePal, Trust Wallet, Phantom, Ton, Nexus, and Exodus. Stealka searches for highly sensitive information such as encrypted private keys, seed phrases, wallet file paths, and encryption parameters.
Beyond cryptocurrency, Stealka can access messaging applications like Discord and Telegram, email clients, gaming platforms, password managers, and VPNs. This broad targeting allows attackers to hijack accounts and gather intelligence for further attacks.
Stealka Malware Hits Russia and Other Countries
Most infections are reported in Russia, with additional cases in Turkey, Brazil, Germany, and India. Attackers sometimes use compromised accounts on legitimate gaming mod sites to propagate the malware further.
The financial risk from Stealka is significant, yet all detected instances have been blocked by cybersecurity solutions. So far, there is no confirmed evidence of major cryptocurrency theft from infections. Experts recommend avoiding pirated software, unverified game modifications, and cheats.
Reliable antivirus software with real-time scanning should be active at all times. Users should store passwords and payment details in secure password managers rather than browsers. Two-factor authentication should be enabled, and backup codes must be kept safely, not in the browser or in plain text files.