The rise of digital tools has made online activity easier and faster, but it has also exposed users to new risks, particularly in the financial and cryptocurrency sectors. Kaspersky security researchers have identified a new malware called Stealka, which primarily targets Windows users. This malware is designed to attack cryptocurrency wallets and browser extensions, masquerading as game mods or cheat files to trick users into installing it.

In brief
- Kaspersky describes Stealka as Windows malware targeting crypto wallets and browser extensions, hidden under the guise of game mods or cheat files.
- Popular wallets like MetaMask, Coinbase, Binance or Trust Wallet are exposed to this risk.
- Kaspersky recommends the use of antivirus software, two-factor authentication, extreme caution when downloading, and keeping backup codes to limit the risks associated with Stealka.
How Stealka works and distribution tactics
According to Kaspersky, Stealka is only activated once the file is manually opened by the user. From there, the malware quietly carries out its functions, collecting sensitive data from the infected device and transmitting it to systems controlled by its creators. This information allows attackers to access victims' accounts, steal cryptocurrency funds, and even exploit the machine for crypto mining without the user's knowledge.
The malware is mainly distributed via popular platforms such as GitHub, SourceForge, Softpedia or sites.google.com. In the most sophisticated campaigns, cybercriminals go so far as to create entirely credible fake sites, sometimes enhanced using artificial intelligence tools to reinforce their legitimate appearance. Without effective antivirus protection, the majority of users will not detect the deception, and some will end up running the file despite suspicious signs.
Stealka Data Theft Targets and Capabilities
Stealka has several modules, but its main function remains the collection of information from browsers based on the Chromium and Gecko engines. More than a hundred browsers are affected, including Chrome, Firefox, Opera, Yandex Browser, Edge and Brave. The malware exploits locally stored data, such as login credentials, addresses or payment information, giving attackers extensive access to victims' accounts and systems.
Additionally, Stealka is able to interact with data and settings from 115 browser extensions, including cryptocurrency wallets, password managers and two-factor authentication tools. Affected wallets include Crypto.com, SafePal, Trust Wallet, Binance, Coinbase, MetaMask, Ton, and Exodus.
Precautionary measures for users
To protect against threats like Stealka, Kaspersky recommends several essential security measures:
- Install and maintain reliable antivirus software, even when files come from reputable platforms, as these can be hijacked by malicious actors.
- Exercise extreme caution when downloading hacks, game mods, or unofficial software, and avoid storing sensitive information directly in browsers.
- Enable two-factor authentication to add an extra layer of protection against unauthorized access.
- Keep backup codes for sensitive accounts, enabling recovery in the event of compromise and strengthening overall security.
Stealka is part of a broader trend of cyber threats that continue to increase in scope and sophistication. Cloudflare recently reported that phishing emails account for a major share of email threats, with more than half of dangerous messages containing phishing links. In total, more than 5% of emails sent globally contain malicious content, and around a quarter include harmful HTML attachments. These figures illustrate the scale of today's digital threats and highlight the importance of adopting proactive cybersecurity measures.
