A new wave of crypto-stealing malware named "Stealka" is spreading through pirated video game modifications, particularly those for the popular game Roblox. Cybersecurity firm Kaspersky identified this sophisticated infostealer in November 2025, raising alarms about the intersection of gaming and cryptocurrency vulnerabilities.
Stealka operates by embedding itself within unofficial mods, cheats, and cracks for Windows-based games and applications. These malicious files are often hosted on platforms like GitHub, SourceForge, Softpedia, and other websites where gamers seek free enhancements. Once a user downloads and installs an infected mod, Stealka stealthily harvests sensitive data from various sources.
The primary target of Stealka is cryptocurrency-related data, including private keys and seed phrases from popular wallets like Binance and MetaMask. With this information, cybercriminals can access and drain a user's digital assets without detection. The malware also targets login credentials and data from major browsers such as Chrome, Firefox, Edge, Opera, Yandex, and Brave, and can extract data from over 100 browser extensions, including crypto wallet tools associated with Binance, Coinbase, MetaMask, Crypto.com, and Trust Wallet. Password managers like 1Password, NordPass, and LastPass, as well as authentication tools such as Google Authenticator, Authy, and Bitwarden, are likewise at risk.
Kaspersky's research indicates that Stealka has been distributed through legitimate-looking repositories, making it particularly dangerous for gamers seeking free modifications. The malware primarily affects users in Russia, but detections have also been observed in Türkiye, Brazil, Germany, and India.
To protect against Stealka and similar threats, cybersecurity experts recommend several precautions:
- Avoid downloading unofficial or pirated mods: Only download modifications from trusted sources and official channels.
- Use reputable antivirus software: Ensure your antivirus software is up to date and actively scanning for malware.
- Be cautious of suspicious files: Exercise caution when downloading files from the internet, especially if they come from unverified sources.
- Enable two-factor authentication: Protect your cryptocurrency wallets and other sensitive accounts with two-factor authentication.
- Securely store backup codes: If using two-factor authentication, store backup codes securely and avoid saving them in browsers or text files.
- Keep software updated: Regularly update your operating system, browsers, and other software to patch security vulnerabilities.
The emergence of Stealka highlights the growing threat of infostealer malware targeting cryptocurrency users through unexpected vectors like video game mods. By staying informed and adopting robust security practices, users can mitigate the risks and safeguard their digital assets.
