BTC $95,075.00 -0.10%
ETH $3,318.53 +0.60%
SOL $142.25 -1.14%
AVAX $13.58 -0.49%
UNI $5.32 -1.22%
AAVE $173.24 -0.77%
MATIC $0.000000 +0.00%
ATOM $2.50 -2.84%
LINK $13.75 +0.34%
ADA $0.3929 -0.84%
DOT $2.15 -2.82%
DOGE $0.1372 -0.34%
SHIB $0.000008 -1.28%
LTC $75.59 +1.10%
TRX $0.3173 +1.60%
XLM $0.2266 -0.34%
XMR $585.70 -7.31%
ALGO $0.1291 -2.58%
VET $0.0116 -2.52%
BTC $95,075.00 -0.10%
ETH $3,318.53 +0.60%
SOL $142.25 -1.14%
AVAX $13.58 -0.49%
UNI $5.32 -1.22%
AAVE $173.24 -0.77%
MATIC $0.000000 +0.00%
ATOM $2.50 -2.84%
LINK $13.75 +0.34%
ADA $0.3929 -0.84%
DOT $2.15 -2.82%
DOGE $0.1372 -0.34%
SHIB $0.000008 -1.28%
LTC $75.59 +1.10%
TRX $0.3173 +1.60%
XLM $0.2266 -0.34%
XMR $585.70 -7.31%
ALGO $0.1291 -2.58%
VET $0.0116 -2.52%
HASH Banner
Home HASH Desk Kaspersky warns of...
HASH DESK

Kaspersky warns of Stealka malware targeting Crypto wallets

AI-Powered • Editor Verified
December 23, 2025
Kaspersky warns of Stealka malware targeting Crypto wallets

Cybersecurity firm Kaspersky has uncovered a new and highly sophisticated infostealer malware dubbed Stealka, warning that it poses a serious threat to cryptocurrency users and gamers alike.

First detected in November 2025, Stealka is spreading primarily through fake game modifications and pirated software, hosted on seemingly legitimate platforms such as GitHub, SourceForge, and Google Sites. 

According to Kaspersky, attackers have gone to significant lengths to disguise the malware, creating professional-looking websites and download pages that impersonate trusted sources.

The malware commonly masquerades as cheats or mods for popular games, including Roblox and Grand Theft Auto V, as well as cracked versions of legitimate software such as Microsoft Visio. Once installed, Stealka silently harvests sensitive data from infected systems.

Kaspersky said Stealka targets browsers built on Chromium and Gecko engines, putting more than 100 browsers at risk. These include widely used applications such as Chrome, Firefox, Edge, Opera, Brave, and Yandex Browser. The malware extracts autofill information, including login credentials, saved addresses, and payment card data.

A major focus of Stealka is cryptocurrency theft. The malware specifically scans browser extensions and local files linked to over 80 crypto wallets, including MetaMask, Binance, Coinbase, Crypto.com, Trust Wallet, Phantom, SafePal, Exodus, and Ton. 

It searches for highly sensitive information such as encrypted private keys, seed phrases, wallet file paths, and encryption parameters, data that could allow attackers to fully drain victims’ digital assets.

In addition to browser-based wallets, Stealka also targets standalone crypto wallet applications by accessing configuration files that contain critical security details. Kaspersky warned that once this information is exfiltrated, victims may have little chance of recovering stolen funds.

Beyond cryptocurrency, the malware compromises a wide range of applications, including messaging platforms like Discord and Telegram, email clients, gaming services, VPNs, and password managers. This broad scope enables attackers to hijack multiple accounts and potentially launch follow-up attacks.

Kaspersky urged users to avoid downloading unofficial software, cracked programs, or game mods from unverified sources and to use reputable security solutions to detect emerging threats.