Kaspersky Lab experts have identified the Stealka malware, which targets Windows users to steal their sensitive data. Beyond simple information theft, the software installs a hidden miner on devices to generate cryptocurrency for the attackers.
Infection Channels
Cybercriminals are hosting malicious files on platforms like GitHub, SourceForge, and Softpedia. The program requires users to manually run the file to activate the infection. Hackers disguise Stealka as Roblox scripts or cracked versions of Microsoft Visio.
To gain credibility, they create websites with fake banners that impersonate antivirus scan results. Ushkov explained that the names of these pages and files are merely tools to attract traffic and do not reflect the actual content. The software is frequently advertised as professional Windows software or as highly anticipated game releases.
How the Infostealer Causes Harm
The program targets browsers built on Chromium and Gecko, including Chrome, Firefox, Brave, and Edge. The virus extracts saved passwords, addresses, payment details, and cookies.
Because stolen cookies carry already-authenticated sessions, attackers can bypass two-factor authentication and hijack accounts without ever needing a password. Hackers then use these compromised social media profiles to spread the malicious code further through the victim's contact list.
The primary target for Stealka is a list of 115 browser extensions. This includes popular wallets like Binance, Coinbase, MetaMask, Trust Wallet, and Phantom. The virus copies wallet configuration files containing encrypted private keys and seed phrases. This data is sufficient for attackers to completely drain the victim's funds.
The infostealer also siphons data from messengers like Telegram and Discord, email clients, and VPN services. Hackers gain access to authentication tokens and chat histories. The program also scans password managers and gaming platforms such as Steam and Battle.net.
Additionally, the virus combs through personal notes for confidential information. Along with harvesting technical data about the computer's configuration and operating system, the virus takes desktop screenshots and sends them to a command-and-control server. Furthermore, the software installs a hidden miner that puts excessive strain on the CPU and GPU, wearing down the hardware of the infected device.
