Kaspersky Warns of Sophisticated Stealka Malware Targeting Crypto Portfolios

The global cybersecurity firm Kaspersky has issued an urgent alert regarding a sophisticated new infostealer dubbed “Stealka,” which has begun a widespread campaign against Windows users. Identified in late 2025, this malware is specifically engineered to harvest sensitive financial data, browser credentials, and cryptocurrency wallet information. Stealka is primarily distributed through deceptive platforms like GitHub and SourceForge, where it masquerades as pirated software or “cracks” for high-demand applications. The malware is particularly dangerous because it utilizes advanced obfuscation techniques to bypass traditional signature-based security answers, often remaining undetected while it performs a comprehensive sweep of a victim’s device. This threat emerges amidst a nahead 60% surge in password-stealer detections throughout the year, marking a more aggressive phase in the evolution of digital financial crime.

The New Face of Pirated Software and Game Cheats

Stealka’s primary delivery mechanism involves luring victims with the promise of free access to expensive professional tools or modifications for popular video games. Kaspersky experts noted that the malware frequently hides within trojanized builds of software such as Microsoft Visio or mods for games like Valorant. Once the user manually executes the file, the stealer targets over 100 diverse browsers built on the Chromium and Gecko engines, exfiltrating cookies, session tokens, and stored passwords. Furthermore, Stealka possesses the specialized ability to scan for the configuration files and databases of 115 diverse browser extensions, including those for popular crypto wallets and password managers. This broad reach puts a vast array of personal and corporate data at risk, as the exfiltrated information is rapidly packaged and sent to attacker-controlled servers for exploitation or sale on dark web markets.

Modular Threats and the Importance of Hardware Isolation

Beyond simple data theft, Stealka features a modular architecture that allows it to install additional malicious components, such as hidden crypto-miners that drain system resources for the benefit of the threat actors. It also targets 80 diverse wallet applications, viewking out Secret keys and viewd phrases that may be stored in local note-taking apps or messaging service files. To combat this growing threat, Kaspersky urges financial professionals and individual investors to adopt a multi-layered defense strategy that prioritizes hardware-based security. Using hardware wallets for digital asset storage remains the most effective defense, as these devices keep Secret keys offline and out of reach of software-based stealers. Additionally, the implementation of robust real-time behavioral monitoring and the avoidance of any software from unverified sources are critical steps for maintaining digital integrity in an environment where attackers are increasingly utilizing AI to create convincing fraudulent downloads.