Stealer Stealka Masquerades as Game Cheats and Software Activators

Researchers from Kaspersky Lab have discovered a new stealer called Stealka. The Trojan targets Windows systems and steals confidential information ranging from login credentials and passwords to payment card data and cryptocurrency wallets. The largest number of Stealka attacks has been recorded in Russia, with further activity detected in Turkey, Brazil, Germany, and India.

Distribution Methods

Attackers disguise Stealka as legitimate software—fake mods and cheats for games, and activators for various programs. These fakes are distributed through popular platforms like GitHub and SourceForge, as well as through the attackers' own websites that mimic gaming resources.

The fake pages are well-made, and researchers believe AI tools may have been used in their development. One such site even simulates a "security solution" file scan before download to create a false sense of security for potential victims.

Technical Capabilities

Stealka is based on another malware called Rabbit Stealer. The Trojan collects logins, passwords, payment data, and system information—including OS version, list of installed applications, and running processes—from infected systems. The primary focus is on data from browsers.

The malware can also take screenshots and, in some cases, download a cryptocurrency miner onto the compromised machine.

"Beyond information from browsers, Stealka steals confidential data from many other sources—cryptocurrency wallets, messengers, email clients, note-taking applications, and gaming projects," explains Artem Ushkov, a cybersecurity expert at Kaspersky Lab.
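The behaviour described above, harvesting credential stores from several unrelated applications, is what a defender can look for in file-access telemetry. The following Python script is an added illustration and is not part of the Kaspersky report or Stealka's own code: it scans constructed file-read events, classifies the paths touched into store categories (browser, wallet, messenger, email client), ignores reads by each store's legitimate owner process, and raises an alert when one process reads stores from two or more categories. The store paths, owner process names and log format are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Path fragments (matched case-insensitively against a Windows path) for
# well-known credential stores. These locations and the owner process names
# are assumptions for this example, not indicators from the Kaspersky report.
STORE_PATTERNS = {
    "browser":   [r"\\chrome\\user data\\[^\\]+\\login data$",
                  r"\\microsoft\\edge\\user data\\[^\\]+\\login data$",
                  r"\\firefox\\profiles\\[^\\]+\\logins\.json$"],
    "wallet":    [r"\\exodus\\", r"\\electrum\\wallets\\"],
    "messenger": [r"\\telegram desktop\\tdata\\", r"\\discord\\local storage\\"],
    "email":     [r"\\thunderbird\\profiles\\"],
}
# Processes that legitimately own each store; their reads are expected.
OWNERS = {
    "browser":   {"chrome.exe", "msedge.exe", "firefox.exe"},
    "wallet":    {"exodus.exe", "electrum.exe"},
    "messenger": {"telegram.exe", "discord.exe"},
    "email":     {"thunderbird.exe"},
}

# Constructed file-access telemetry (assumed format: key=value fields).
SAMPLE_LOG = r"""
ts=2024-05-01T10:00:01 pid=4120 image=chrome.exe op=read path="C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"
ts=2024-05-01T10:02:11 pid=5532 image=gta5_mod_installer.exe op=read path="C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"
ts=2024-05-01T10:02:12 pid=5532 image=gta5_mod_installer.exe op=read path="C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"
ts=2024-05-01T10:02:13 pid=5532 image=gta5_mod_installer.exe op=read path="C:\Users\u\AppData\Roaming\Telegram Desktop\tdata\key_datas"
ts=2024-05-01T10:05:40 pid=7001 image=backup.exe op=read path="C:\Users\u\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"
ts=2024-05-01T10:06:02 pid=8800 image=notepad.exe op=read path="C:\Users\u\Documents\notes.txt"
"""

LINE_RE = re.compile(r'pid=(\d+)\s+image=(\S+)\s+op=(\w+)\s+path="([^"]+)"')


def classify_path(path):
    """Return the store category a path belongs to, or None."""
    lowered = path.lower()
    for category, patterns in STORE_PATTERNS.items():
        if any(re.search(pattern, lowered) for pattern in patterns):
            return category
    return None


def parse_line(line):
    """Parse one telemetry line into (pid, image, op, path) or None."""
    match = LINE_RE.search(line)
    if not match:
        return None
    pid, image, op, path = match.groups()
    return int(pid), image.lower(), op, path


def analyze(lines):
    """Flag processes that read credential stores they do not own."""
    touched = defaultdict(set)  # pid -> categories read by a non-owner
    images = {}
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        pid, image, op, path = record
        if op != "read":
            continue
        category = classify_path(path)
        if category is None or image in OWNERS[category]:
            continue
        touched[pid].add(category)
        images[pid] = image

    alerts = []
    for pid, categories in touched.items():
        # One foreign read of a single store can be a backup or sync tool;
        # a process sweeping several unrelated stores matches stealer behaviour.
        if len(categories) >= 2:
            severity = "high"
        elif "browser" in categories:
            severity = "medium"
        else:
            continue
        alerts.append({"pid": pid, "image": images[pid],
                       "stores": sorted(categories), "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG.strip().splitlines()):
        print(alert)
```

Run stand-alone, the script reports only the constructed `gta5_mod_installer.exe` process, which read a browser password database, a wallet directory and a messenger session store within seconds; the browser's own read and the backup tool's single email-profile read are ignored. In a real deployment the input would be file-read events from an EDR or file-access auditing, and the path list would be extended to the wallets, messengers, email clients and note-taking applications relevant to the environment.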

Leveraging Stolen Data

Attackers can use previously stolen data to spread the malware further. Ushkov notes that in one case, the attackers uploaded an infected game mod for GTA V containing the stealer to a specialized site—using credentials from a compromised account.

This technique allows the malware to appear more legitimate, as it originates from what appears to be a trusted source within the gaming community.