Hackers are inserting infostealer malware into pirated mods for Roblox and other games, according to research from cybersecurity company Kaspersky. A blog post from Kaspersky reveals that it has identified a new variety of infostealer called Stealka, which it has so far encountered on distribution platforms such as GitHub, SourceForge, Softpedia and sites.google.com.
Disguised as unofficial mods, cheats and cracks for Windows-based games and other apps, Stealka exfiltrates sensitive login and browser information, which its operators can use to steal crypto. The malware primarily targets data stored in browsers such as Chrome, Firefox, Opera, Yandex Browser, Edge and Brave, as well as the settings and databases of over 100 browser extensions.
Such extensions include cryptocurrency wallets from Binance, Coinbase, MetaMask, Crypto.com and Trust Wallet, as well as password managers (1Password, NordPass, LastPass) and 2FA apps (Google Authenticator, Authy, Bitwarden).
In fact, Stealka’s reach doesn’t stop with browser extensions, since it can also lift (encrypted) private keys, seed phrase data and wallet file paths from standalone cryptocurrency wallet apps. This includes apps from Binance, Exodus, MyCrypto and MyMonero, as well as wallet apps for Bitcoin, BitcoinABC, Dogecoin, Ethereum, Monero, Novacoin and Solar.
Away from crypto, the Stealka malware has the ability to steal data and authentication tokens for messaging apps (e.g. Discord and Telegram), password manager apps (e.g. 1Password, Bitwarden, LastPass), email clients (e.g. Gmail Notifier Pro, Mailbird, Outlook), note-taking apps (NoteFly, Notezilla, Microsoft StickyNotes), and VPN clients (e.g. OpenVPN, ProtonVPN, WindscribeVPN).
Speaking to Decrypt, Kaspersky cybersecurity expert Artem Ushkov explained that the new malware “was detected by Kaspersky endpoint protection solutions on Windows machines in November 2025.” As is the case with similar malware, Ushkov reports that most of the users targeted by Stealka are based in Russia. “However, attacks by the malware have also been detected in other countries, including Türkiye, Brazil, Germany and India,” he added.
In view of the threat posed by Stealka, Kaspersky advises in its blog that, aside from using reputable antivirus software, users should steer clear of unofficial and pirated mods. The blog also advises against storing important info in browsers, and urges users to employ two-factor authentication wherever available, while also making use of backup codes (but without storing them in browsers or in text documents).
While Stealka’s potential for stealing info and, by extension, crypto seems intimidating, there’s currently no indication that it has resulted in significant losses. “We are not aware of the amount of crypto that has been stolen using it,” said Ushkov. “Our solutions protect against this threat: all detected Stealka malware was blocked by our solutions.”