Overview
- Stealka is distributed through uploads to GitHub, SourceForge and Google Sites, through compromised accounts on legitimate mod portals, and through convincing fake websites that display bogus antivirus badges.
- Lures include bogus cheats and mods for Roblox and Grand Theft Auto V, as well as cracked software such as Microsoft Visio installers; reports indicate the campaign focuses primarily on Windows systems.
- Stealka harvests data from more than 100 Chromium- and Gecko-based browsers and 115 extensions: saved credentials, autofill data, and the private keys and seed phrases of roughly 80 crypto wallet implementations, including MetaMask, Binance Wallet and Coinbase.
- Kaspersky telemetry shows most confirmed infections in Russia with additional detections in Turkey, Brazil, Germany and India, and some bundles have also included cryptomining payloads.
- Kaspersky says its products blocked the attempts it observed and that it has seen no confirmed large-scale cryptocurrency theft. It urges users to avoid pirated downloads, run reputable security software, keep wallet keys and seed phrases out of the browser, and enable two-factor authentication.