Hackers are inserting infostealer malware into pirated mods for Roblox and other games, according to research from cybersecurity company Kaspersky. A blog post from Kaspersky reveals that it has identified a new variety of infostealer called Stealka, which it has so far encountered on distribution platforms such as GitHub, SourceForge, Softpedia and sites.google.com.
Disguised as unofficial mods, cheats and cracks for Windows-based games and other apps, Stealka exfiltrates sensitive login and browser information, which its operators can use to steal crypto.The malware primarily targets data contained by browsers such as Chrome, Firefox, Opera, Yandex Browser, Edge, Brave, as well as the settings and databases of over 100 browser extensions.
Such extensions include cryptocy wallets from Binance, Coinbase, MetaMask, Crypto.com and Trust Wallet, as well as password managers (1Password, NordPass, LastPass) and 2FA apps (Google Authenticator, Authy, Bitwarden).
In fact, Stealka’s reach doesn’t stop with browser extensions, since it can also lift (encrypted) private keys, seed phrase data and wallet file paths from standalone cryptocy wallet apps.This includes apps from Binance, Exodus, MyCrypto and MyMonero, as well as wallet apps for Bitcoin, BitcoinABC, Dogecoin, Ethereum, Monero, Novacoin and Solar.
Away from crypto, the Stealka malware has the ability to steal data and authentication tokens for messaging apps (e.g. Discord and Telegram), password manager apps (e.g. 1Password, Bitward, LastPass), email clients (e.g. Gmail Notifier Pro, Mailbird, Outlook), notetaking apps (NoteFly, Notezilla, Microsoft StickyNotes), and VPN clients (e.g. OpenVPN, ProtonVPN, WindscribeVPN).
Speaking to Decrypt, Kaspersky cybersecurity expert Artem Ushkov explained that the new malware “was detected by Kaspersky endpoint protection solutions on Windows machines in November 2025.” As is the case with similar malware, Ushkov reports that most of the users targeted by Stealka are based in Russia. “However, attacks by the malware have also been detected in other countries, including Türkiye, Brazil, Germany and India,” he added.
In view of the threat Stealka, Kaspersky advises in its blog that, aside from using reputable antivirus software, users should steer clear of unofficial and pirated mods. The blog also advises against storing important info in browsers, and urges users to employ two-factor authentication wherever available, while also making use of backup codes (but without storing them on browsers or in text documents).
While Stealka’s potential for stealing info and, by extension, crypto seems intimidating, there’s currently no indication that it has resulted in significant losses. “We are not aware of the amount of crypto that has been stolen using it,” said Ushkov. “Our solutions protect against this threat: all detected Stealka malware was blocked by our solutions.”
SWIFT has launched a new blockchain-based ledger pilot with 17 major banks to test how tokenized deposits can move across…
Sony Bank, the banking arm of Sony Financial Group, has received conditional approval from the Office of the Comptroller…
PayPal has expanded its stablecoin strategy by launching PayPal USD (PYUSD) natively on the Polygon blockchain, giving businesses direct access…
BONK, one of Solana's most recognizable memecoins, is facing a major governance crisis after an…
World, the blockchain ecosystem co-founded by Sam Altman, is shifting its prediction market infrastructure from Solana to the…
BNB Chain has revealed plans to build a brand-new Layer 1 blockchain specifically designed for the next generation…