A new and dangerous type of malware called “Stealka” has been discovered by cybersecurity experts. This malware is disguised as free game mods and pirated software, making it especially dangerous for gamers and people looking for free downloads online. Stealka is designed to steal sensitive information like crypto wallet data, browser passwords, and session tokens from over 115 different browser extensions and apps.

Stealka spreads through well-known download sites such as GitHub, SourceForge, and Softpedia. Hackers create fake but professional-looking websites and upload infected files, pretending they are popular game cheats or mods for titles like Roblox or GTA V. Some of these fake pages even claim to have virus scans, but in reality, they do not offer any protection.

One example of this trick includes a fake mod advertised as “Half-Life 3” but described as professional Windows software—clearly a ploy to get attention and rank higher in search results.

The malware does far more than just steal passwords. It targets web browsers like Chrome, Firefox, Edge, and Opera, stealing autofill data, cookies, and session tokens that allow hackers to bypass two-factor authentication (2FA) and access accounts without needing a password. It also targets 115 browser extensions related to crypto wallets, password managers, and security tools.

High-risk targets include major crypto wallets like Binance, MetaMask, Trust Wallet, Coinbase, and Phantom. Password managers like 1Password, Bitwarden, LastPass, and NordPass are also on the list. The malware goes even further by downloading private data from over 80 wallet apps including Bitcoin, Ethereum, Monero, Dogecoin, and Exodus—data that could be used to steal entire crypto holdings.

But it doesn’t stop there. Stealka also looks for data in messaging apps like Discord and Telegram, email clients like Outlook and Thunderbird, gaming platforms such as Steam and Roblox launchers, and VPNs like ProtonVPN and Surfshark. Even notes apps are at risk if users store sensitive information there.

In addition to stealing data, Stealka collects hardware info, installed software lists, and even screenshots of the victim’s computer screen to gather as much information as possible.

Hackers have used hijacked accounts to spread the malware further. For example, one GTA V mod infected with Stealka was uploaded using a compromised account on a trusted modding site.

This discovery comes at a time when the crypto industry is already facing huge losses. In 2025 alone, crypto-related hacks have cost platforms around $9.1 billion. In November alone, more than $276 million was stolen—setting new records for yearly losses.

According to experts in the field, most of these attacks don’t happen because of bad code audits. Instead, they occur after products launch—during updates or integrations—because many Web3 projects skip basic security steps. Less than 10% use modern AI-based protection systems.

Cybercriminals are now focusing less on breaking code and more on tricking people. As blockchain code becomes harder to crack, attackers are targeting users directly through phishing scams, fake downloads, and social engineering tactics.

Kaspersky has also reported other related threats in the past, including:
– GitVenom: hundreds of fake GitHub repositories with malware
– SparkKitty: mobile malware that made it into Apple’s App Store and Google Play
– ClipBanker: trojans disguised as Microsoft Office installers

Some hacker groups have even taken things further by hiding malware in blockchain smart contracts. This tactic makes it almost impossible for law enforcement to shut down their operations.

To stay safe from threats like Stealka:
– Avoid downloading mods or software from unknown sources
– Be cautious of sites that look too good to be true
– Use antivirus tools and keep your system updated
– Never store sensitive information in unencrypted note-taking apps
– Enable two-factor authentication wherever possible

As cyber threats become more advanced, staying informed and cautious is more important than ever—especially for gamers and crypto users who are increasingly targeted.