A new and dangerous malware called Stealka is making waves online. Disguised as free game mods and pirated software, this sneaky virus is designed to steal sensitive information like crypto wallet data and browser passwords. It spreads through well-known platforms like GitHub, SourceForge, and Softpedia using fake websites that look like legit download pages for popular games like GTA V and Roblox.

Cybercriminals are getting smarter, creating realistic-looking pages that trick users into downloading infected files. Some sites even pretend to run virus scans to gain trust—though they don’t actually check for anything. One fake site even advertised a non-existent game, “Half-Life 3,” claiming it was a “professional software solution for Windows,” just to attract more clicks.

Stealka isn’t your average malware. It’s highly advanced and can steal information from over 100 different apps. It specifically targets browsers built on Chromium and Gecko engines, such as Chrome, Firefox, Edge, and Opera. Once installed, it can grab autofill details, cookies, session tokens, and saved passwords—making it easy for hackers to access your accounts without needing your password or bypassing two-factor authentication.

Even more concerning, Stealka targets over 115 browser extensions tied to crypto wallets, password managers, and authentication tools. Big-name crypto wallets like MetaMask, Trust Wallet, Coinbase, Binance, and Phantom are at risk. It also goes after password managers like LastPass, NordPass, Bitwarden, and 1Password.

The malware digs deep into local files of over 80 crypto wallet applications, looking for encrypted private keys and seed phrases that could give hackers full access to your digital funds. These wallets include Bitcoin, Ethereum, Monero, Dogecoin, and Exodus.

But the threat doesn’t stop there. Stealka also goes after messaging apps like Discord and Telegram, email clients like Outlook and Thunderbird, VPN services like ProtonVPN and Surfshark, game launchers like Steam and Roblox, and even note-taking apps—where people sometimes unknowingly store sensitive info.

To gather even more data, the malware collects system information, lists of installed programs, hardware details, and screenshots of the user’s screen.

Some hackers have even used previously compromised modding community accounts to spread the malware further—like sneaking it into a GTA V mod posted on a trusted website.

The rise of Stealka highlights a bigger problem: the growing number of cyberattacks targeting gamers and crypto users. In just 2025 alone, crypto platforms have already lost $9.1 billion to hacks—a number that keeps climbing every month. November alone saw over $276 million in losses.

Security experts warn that most Web3 projects are not prepared. Many don’t use basic firewalls or modern AI security tools. As smart contracts become harder to hack directly, attackers are now focusing on human mistakes and weak security operations instead of technical flaws in code.

Threat groups are evolving fast. For example, North Korean hackers have been hiding malware inside smart contracts using a method called EtherHiding. They pose as job recruiters to trick people—stealing over $3.5 billion across 2024 and the first half of 2025.

Other campaigns discovered by researchers include fake GitHub repositories spreading malware (GitVenom), mobile spyware in app stores (SparkKitty), and trojans hidden in fake Office downloads (ClipBanker). Some threats even use blockchain technology itself to build decentralized command centers that can’t be taken down by authorities.

To stay safe from threats like Stealka:

– Only download mods or software from trusted sources.
– Avoid clicking on too-good-to-be-true game downloads.
– Use antivirus software and keep it updated.
– Don’t store sensitive information in unsecured apps or documents.
– Be cautious with browser extensions—especially those tied to crypto or security tools.
– Enable two-factor authentication wherever possible.

Cyber threats are getting more complex every day. Staying alert and cautious online is more important than ever—especially for gamers and crypto users.