Hackers are inserting infostealer malware into pirated mods for Roblox and other games, according to research from cybersecurity company Kaspersky. A blog post from Kaspersky reveals that it has identified a new variety of infostealer called Stealka, which it has so far encountered on distribution platforms such as GitHub, SourceForge, Softpedia and sites.google.com.
Disguised as unofficial mods, cheats and cracks for Windows-based games and other apps, Stealka exfiltrates sensitive login and browser information, which its operators can use to steal crypto.The malware primarily targets data contained by browsers such as Chrome, Firefox, Opera, Yandex Browser, Edge, Brave, as well as the settings and databases of over 100 browser extensions.
Such extensions include cryptocy wallets from Binance, Coinbase, MetaMask, Crypto.com and Trust Wallet, as well as password managers (1Password, NordPass, LastPass) and 2FA apps (Google Authenticator, Authy, Bitwarden).
In fact, Stealka’s reach doesn’t stop with browser extensions, since it can also lift (encrypted) private keys, seed phrase data and wallet file paths from standalone cryptocy wallet apps.This includes apps from Binance, Exodus, MyCrypto and MyMonero, as well as wallet apps for Bitcoin, BitcoinABC, Dogecoin, Ethereum, Monero, Novacoin and Solar.
Away from crypto, the Stealka malware has the ability to steal data and authentication tokens for messaging apps (e.g. Discord and Telegram), password manager apps (e.g. 1Password, Bitward, LastPass), email clients (e.g. Gmail Notifier Pro, Mailbird, Outlook), notetaking apps (NoteFly, Notezilla, Microsoft StickyNotes), and VPN clients (e.g. OpenVPN, ProtonVPN, WindscribeVPN).
Speaking to Decrypt, Kaspersky cybersecurity expert Artem Ushkov explained that the new malware “was detected by Kaspersky endpoint protection solutions on Windows machines in November 2025.” As is the case with similar malware, Ushkov reports that most of the users targeted by Stealka are based in Russia. “However, attacks by the malware have also been detected in other countries, including Türkiye, Brazil, Germany and India,” he added.
In view of the threat Stealka, Kaspersky advises in its blog that, aside from using reputable antivirus software, users should steer clear of unofficial and pirated mods. The blog also advises against storing important info in browsers, and urges users to employ two-factor authentication wherever available, while also making use of backup codes (but without storing them on browsers or in text documents).
While Stealka’s potential for stealing info and, by extension, crypto seems intimidating, there’s currently no indication that it has resulted in significant losses. “We are not aware of the amount of crypto that has been stolen using it,” said Ushkov. “Our solutions protect against this threat: all detected Stealka malware was blocked by our solutions.”
Stablecoin giant Tether has dramatically escalated its enforcement activity after blacklisting 370 blockchain addresses and freezing approximately $514.64 million worth…
Crypto exchange giant Coinbase experienced a major service outage that disrupted trading, transfers, and exchange operations after…
Cross-chain messaging protocol LayerZero has publicly apologized for its handling of the massive Kelp DAO exploitthat drained approximately $292…
Executives from PayPal and Google Cloud said the future of “agentic commerce” — where AI agents autonomously buy goods,…
Crypto exchange giant Kraken is making a major move deeper into the U.S. financial system after its…
A major national security scandal has erupted in Taiwan after prosecutors indicted a Taiwanese news…