Kaspersky has discovered a new infostealer named Stealka that disguises itself as game mods, cheats, and pirated builds. This malware targets Windows systems and is capable of stealing credentials, cryptocurrency wallet information, and data from communication and gaming applications.
What is Stealka Stealer?
Stealka is a type of infostealer: a program designed to automatically collect confidential information from an infected machine. It poses as useful or desirable mods and cracks to convince users to run the file on Windows.
Once launched, the malware systematically gathers data from the device, including system information and screenshots, while attempting to extract cookies, session tokens, and credentials to hijack accounts.
How does Stealka spread?
According to Kaspersky’s findings, the primary distribution channels are public user-content platforms such as GitHub and SourceForge, where attackers publish disguised files. These "mods" and "cracks" appear as legitimate projects but contain an infostealer that initiates data collection on Windows.
As a result, users who download and run unofficial builds and tools are at risk—especially those seeking cheats or pirated versions of games and software. It’s also helpful to review materials on social engineering to understand the deception tactics used by attackers.
What data does Stealka steal?
Stealka targets a broad range of data sources: browsers, crypto wallets, messengers, and gaming services. According to Kaspersky, the malware can compromise over 115 browser extensions and 80 cryptocurrency wallets, extracting cookies, session tokens, and credentials to potentially hijack accounts.
Targeted applications include popular browsers like Chrome and Firefox, wallets such as MetaMask and Coinbase, as well as gaming and communication platforms including Steam and Discord. Additionally, Stealka collects system information and takes screenshots to facilitate further attacks.
If you store funds in Windows applications, it’s recommended to also review practical advice on how to protect your crypto wallet on this platform.
How to protect yourself from Stealka Stealer?
Kaspersky offers simple but crucial recommendations: avoid downloading unofficial and pirated software and use a reliable antivirus solution. These measures reduce the chances of accidentally running a disguised installer containing the infostealer.
It’s also beneficial to enable additional account security layers and limit automatic saving of credentials in browsers and applications to minimize damage if compromised.
Why is this important?
For miners with any number of devices, the threat can be both direct and indirect: theft of data from wallets and browsers can lead to financial loss, while account compromise on gaming and communication services creates further risks. Even if you don’t keep large sums on a single PC, restoring security takes time and effort.
Even at smaller mining scales, losing access to key services or leaking credentials complicates operations and increases device management workload. Preventive measures help save time and resources.
What should you do?
- Do not download mods, cheats, or cracks from unverified sources; prefer official websites and stores.
- Install and regularly update reliable antivirus software and perform full system scans periodically.
- Enable two-factor authentication on all services where available to make unauthorized access harder if passwords are stolen.
- Use secure password managers instead of browser autofill and keep backup copies of keys in offline locations.
- Limit Windows account privileges: avoid using an administrator account for daily tasks to reduce damage if malware runs.
FAQ
How does Stealka spread? Stealka spreads through disguised files on platforms like GitHub and SourceForge: attackers publish mods, cheats, and cracks embedding the infostealer for Windows.
What data does the malware target? The malware collects data from browsers, cryptocurrency wallets, messengers, gaming platforms, as well as system information and screenshots.
Which applications are at risk? Targeted applications include browsers such as Chrome and Firefox, wallets like MetaMask and Coinbase, and platforms like Steam and Discord.
What does Kaspersky recommend? Kaspersky advises using reliable antivirus software and avoiding software from unverified sources, especially pirated builds.
How to quickly check your system? Run a full antivirus scan, check startup programs and installed browser extensions, change passwords, and enable two-factor authentication where possible.
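The startup and browser-extension check from the last FAQ answer, as an added PowerShell example (not code from Kaspersky or from the original article). It only reads the standard Run/RunOnce registry keys, the Startup folders, and the Chrome and Edge extension manifests under their default profile locations; the function names are hypothetical, and the default install paths are an assumption.

```powershell
# Added example: read-only listing for manual review; no Stealka-specific indicators.
function Get-AutostartEntry {   # hypothetical helper name
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($path in $runKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Source = $path; Name = $name; Command = $key.GetValue($name) }
        }
    }
    foreach ($folder in 'Startup', 'CommonStartup') {   # per-user and all-users Startup folders
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir) { continue }
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-ChromiumExtension {   # hypothetical helper name
    $roots = @{
        Chrome = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
        Edge   = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data'
    }
    foreach ($browser in $roots.Keys) {
        # <User Data>\<profile>\Extensions\<extension id>\<version>\manifest.json
        $pattern = Join-Path $roots[$browser] '*\Extensions\*\*\manifest.json'
        Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue | ForEach-Object {
            $m = try { Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json } catch { $null }
            [pscustomobject]@{
                Browser     = $browser
                Profile     = $_.Directory.Parent.Parent.Parent.Name
                ExtensionId = $_.Directory.Parent.Name
                Name        = $m.name      # may be a __MSG_...__ locale placeholder
                Version     = $_.Directory.Name
                Installed   = $_.Directory.CreationTime
            }
        }
    }
}

Get-AutostartEntry | Format-Table -AutoSize -Wrap
Get-ChromiumExtension | Sort-Object Installed -Descending | Format-Table -AutoSize
```

Compare the autostart commands and the extension install dates with when an unofficial mod or crack was last run on the machine; entries you cannot account for are the ones to look at first.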