Cyble Vulnerability Intelligence researchers tracked 2,415 vulnerabilities in the last week, a significant increase over even last week’s very high number of new vulnerabilities. The increase signals a heightened risk landscape and expanding attack surface in the current threat environment. 

Over 300 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks. 

A total of 219 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 47 received a critical severity rating based on the newer CVSS v4.0 scoring system.  

Even after factoring out a high number of Linux kernel and Adobe vulnerabilities (chart below), new vulnerabilities reported in the last week were still very high. 

What follows are some of the IT and ICS vulnerabilities flagged by Cyble threat intelligence researchers in recent reports to clients spanning December 9-16. 

The Week’s Top IT Vulnerabilities 

CVE-2025-59385 is a high-severity authentication bypass vulnerability affecting several versions of QNAP operating systems, including QTS and QuTS hero. Fixed versions include QTS 5.2.7.3297 build 20251024 and later, QuTS hero h5.2.7.3297 build 20251024 and later, and QuTS hero h5.3.1.3292 build 20251024 and later. 

CVE-2025-66430 is a critical vulnerability in Plesk 18.0, specifically affecting the Password-Protected Directories feature. It stems from improper access control, potentially allowing attackers to bypass security mechanisms and escalate privileges to root-level access on affected Plesk for Linux servers. 

CVE-2025-64537 is a critical DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager. The vulnerability could allow attackers to inject malicious scripts into web pages, which are then executed in the context of a victim’s browser, potentially leading to session hijacking, data theft, or further exploitation. 

CVE-2025-43529 is a critical use-after-free vulnerability in Apple’s WebKit browser engine, which is used in Safari and other Apple applications. The flaw could allow attackers to execute arbitrary code on affected devices by tricking users into processing maliciously crafted web content, potentially leading to full device compromise. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. 

CVE-2025-59718 is a critical authentication bypass vulnerability affecting multiple versions of Fortinet products, including FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb. The flaw could allow unauthenticated attackers to bypass FortiCloud Single Sign-On (SSO) login authentication by sending a specially crafted SAML message. The vulnerability has been added to CISA’s KEV catalog. 

Notable vulnerabilities discussed in open-source communities included CVE-2025-55182, a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components; CVE-2025-14174, a critical memory corruption vulnerability affecting Apple’s WebKit browser engine; and CVE-2025-62221, a high-severity use-after-free elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. 

Vulnerabilities Discussed on the Dark Web 

Cyble Research and Intelligence Labs (CRIL) researchers also observed several threat actors discussing weaponizing vulnerabilities on dark web forums. Among the vulnerabilities under discussion were: 

CVE-2025-55315, a critical severity vulnerability classified as HTTP request/response smuggling due to inconsistent interpretation of HTTP requests in ASP.NET Core, particularly in the Kestrel server component. The flaw arises from how chunk extensions in Transfer-Encoding: chunked requests with invalid line endings are handled differently by ASP.NET Core compared to upstream proxies, enabling attackers to smuggle malicious requests. An authorized attacker can exploit this vulnerability over a network to bypass security controls, leading to impacts such as privilege escalation, SSRF, CSRF bypass, session hijacking, or code execution, depending on the application logic. 

CVE-2025-59287 is a critical-severity remote code execution (RCE) vulnerability stemming from improper deserialization of untrusted data in Microsoft Windows Server Update Services (WSUS). The core flaw occurs in the ClientWebService component, where a specially crafted SOAP request to endpoints like SyncUpdates triggers decryption and unsafe deserialization of an AuthorizationCookie object using .NET’s BinaryFormatter, allowing arbitrary code execution with SYSTEM privileges. Unauthenticated remote attackers can exploit this over WSUS ports (e.g., 8530/8531) to deploy webshells or achieve persistence, with real-world exploitation already observed. 

CVE-2025-59719, a critical severity vulnerability due to improper cryptographic signature verification, permitting authentication bypass in Fortinet FortiWeb through FortiCloud SSO. Attackers can submit crafted SAML response messages to evade login checks without proper authentication. This unauthenticated flaw has a high impact and has been actively exploited post-disclosure. 

ICS Vulnerabilities 

Cyble also flagged two industrial control system (ICS) vulnerabilities as meriting high-priority attention by security teams. They include: 

CVE-2024-3596: multiple versions of Hitachi Energy AFS, AFR, and AFF Series products are affected by a RADIUS Protocol vulnerability, Improper Enforcement of Message Integrity During Transmission in a Communication Channel. Successful exploitation of the vulnerability could compromise the integrity of the product data and disrupt its availability. 

CVE-2025-13970: OpenPLC_V3 versions prior to pull request #310 are vulnerable to this Cross-Site Request Forgery (CSRF) flaw. Successful exploitation of the vulnerability could result in the alteration of PLC settings or the upload of malicious programs. 

Conclusion 

The record number of new vulnerabilities observed by Cyble in the last week underscores the need for security teams to respond with rapid, well-targeted actions to patch the most critical vulnerabilities and successfully defend IT and critical infrastructure. A risk-based vulnerability management program should be at the heart of those defensive efforts. 

Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans. 

Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks. 

The post The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge  appeared first on Cyble.

Cyble – ​Read More

The outgoing year of 2025 has significantly transformed our access to the Web and the ways we navigate it. Radical new laws, the rise of AI assistants, and websites scrambling to block AI bots are reshaping the internet right before our eyes. So, what do you need to know about these changes, and what skills and habits should you bring with you into 2026? As is our tradition, we’re framing this as eight New Year’s resolutions. What are we pledging for 2026?

Get to know your local laws

Last year was a bumper crop for legislation that seriously changed the rules of the internet for everyday users. Lawmakers around the world have been busy:

• Banning social media for teens
• Introducing strict age verification (think scanning your ID) procedures to visit certain categories of websites
• Requiring explicit parental consent for minors to access many online services
• Applying pressure through blocks and lawsuits against platforms that wouldn’t comply with existing child protection laws — with Roblox finding itself in a particularly bright spotlight.

Your best bet is to get news from sites that report calmly and without sensationalism, and to review legal experts’ commentary. You need to understand what obligations fall on you, and, if you have underage children, what changes for them.

You might face difficult conversations with your kids about new rules for using social media or games. It’s crucial that teenage rebellion doesn’t lead to dangerous mistakes, such as installing malware disguised as a “restriction-bypassing mod” or migrating to small, unmoderated social networks. Safeguarding the younger generation requires reliable protection on their computers and smartphones, alongside parental control tools.

But it’s not just about simple compliance with the laws. You will almost certainly encounter negative side effects that lawmakers didn’t anticipate.

Master new methods of securing access

Some websites choose to geoblock certain countries entirely to avoid the complexities of complying with regional regulations. If you are certain your local laws allow access to the content, you can bypass these geoblocks by using a VPN. You need to select a server in a country where the site is accessible.

It’s important to choose a service that doesn’t just offer servers in the right locations, but actually enhances your privacy — as many free VPNs can effectively compromise it. We recommend Kaspersky VPN Secure Connection.

Brace for document leaks

While age verification can be implemented in different ways, it often involves the website using a third-party verification service. On your first login attempt, you’ll be redirected to a separate site to complete one of several checks: take a photo of your ID or driver’s license, use a bank card, or nod and smile for a video, and so on.

The mere idea of presenting a passport to access adult websites is deeply unpopular with many people on principle. But beyond that, there’s a serious risk of data leaks. These incidents are already a reality: data breaches have impacted a contractor used to verify Discord users, as well as service providers for TikTok and Uber. The more websites that require this verification, the higher the risk of a leak becomes.

So, what can you do?

• Prioritize services that do not require document uploads. Instead, look for those utilizing alternative age verification methods, such as a micro-transaction charge to a payment card, confirmation through your bank or another trusted external provider, or behavioral/biometric analysis.
• Pick the least sensitive and easiest-to-replace document you have, and use only that one for all verifications. “Least sensitive” in this case means containing minimal personal data and not referencing other primary identifiers, such as a national ID number.
• Use a separate, dedicated email address and phone number in combination with that document. For the sites and services that don’t verify your identity, use completely different contact details. This makes it much harder for your data to be easily pieced together from different leaks.

Learn scammers’ new playbook

It’s highly likely that under the guise of “age verification”, scammers will begin phishing for personal and payment data, and pushing malware onto visitors. After all, it’s very tempting to simply copy and paste some text on your computer instead of uploading a photo of your passport. Currently, ClickFix attacks are mostly disguised as CAPTCHA checks, but age verification is the logical next step for these schemes. How to lower these risks?

• Carefully check any websites that require verification. Do not complete the verification if you’ve already done it for that service before, or if you landed on the verification page via a link from a messaging app, search engine, or ad.
• Never download apps or copy and paste text for verification. All legitimate services operate within the browser window, though sometimes desktop users are asked to switch to a smartphone to complete the check.
• Analyze and be suspicious of any situation that requires entering a code received via a messaging app or SMS to access a website or confirm an action. This is often a scheme to hijack your messaging account or another critical service.
• Install reliable security software on all your computers and smartphones to help block access to scam sites. We recommend Kaspersky Premium — it offers a secure VPN, malware protection, alerts if your personal data appears in public leaks, a Kaspersky Password Manager, Kaspersky Safe Kids, and much more.

Cultivate healthy AI usage habits

Even if you’re not a fan of AI, you’ll find it hard to avoid — it’s literally being shoved into each everyday service: Android, Chrome, MS Office, Windows, iOS, Creative Cloud… the list is endless. As with fast food, television, TikTok, and other easily accessible conveniences, the key is striking a balance between the healthy use of these assistants and developing a dangerous dependency.

Identify the areas where your mental sharpness and personal growth matter most to you. A person who doesn’t run regularly loses fitness. Someone who always uses GPS navigation gets worse at reading paper maps. Wherever you value the work of your mind, offloading it to AI is a path to losing your edge. Maintain a balance: regularly do that mental work yourself — even if an AI can do it well — from translating text to looking up info on Wikipedia. You don’t have to do it all the time, but remember to do it often enough. For a more radical approach, you can also disable AI services wherever possible.

Know where the cost of a mistake is high. Despite developers’ best efforts, AI can sometimes deliver completely wrong answers with total confidence. These so-called hallucinations are unlikely to be fully eradicated anytime soon. Therefore, for important documents and critical decisions, either avoid using AI entirely or scrutinize its output with extreme care. Check every number, every comma.

In other areas, feel free to experiment with AI. But even for seemingly harmless uses, remember that mistakes and hallucinations are a real possibility.

How to lower the risk of leaks. The more you use AI, the more of your information goes to the service provider. Whenever possible, prioritize AI features that run entirely on your device. This category includes things like the protection against fraudulent sites in Chrome, text translation in Firefox, the rewriting assistant in iOS, and so on. You can even run a full-fledged chatbot locally on your own computer.

AI agents need close supervision. The agentic capabilities of AI — where it doesn’t just suggest but actively does work for you — are especially risky. Thoroughly research the risks in this area before trusting an agent with shopping or booking a vacation. Use modes where the assistant asks for your confirmation before entering personal data, let alone doing any shopping.

Audit your subscriptions and plans

The economics of the internet are shifting right before our eyes. The AI arms race is driving up the cost of components and computing power, tariffs and geopolitical conflicts are disrupting supply chains, and baking AI features into familiar products sometimes comes with a price hike. Practically any online service can get more expensive overnight, sometimes by double-digit percentages. Some providers are taking a different route, moving away from a fixed monthly fee to a pay-per-use model for things like songs downloaded or images generated.

To avoid nasty surprises when you check your bank statement, make it a habit to review the terms of all your paid subscriptions at least three or four times a year. You might find that a service has updated its plans and you need to downgrade to a simpler one. Or a service might have quietly signed you up for an extra feature you’re not even aware of — and you need to disable it. Some services might be better switched to a free tier or canceled altogether. Financial literacy is becoming a must-have skill for managing your digital spending.

To get a complete picture of your subscriptions and truly understand how much you’re spending on digital services each month or year, it’s best to track them all in one place. A simple Excel or Google Docs spreadsheet works, but a dedicated app like Subscrab is more convenient. It sends reminders for upcoming payments, shows all your spending month-by-month, and can even help you find better deals on the same or similar services.

Prioritize the longevity of your tech

While the allure of powerful new processors, cameras, and AI features might tempt you to buy a new smartphone or laptop in 2026, it’s very likely this purchase will last you several years. First, the pace of meaningful new features has slowed, and the urge to upgrade frequently has diminished for many. Second, gadget prices have risen significantly due to more expensive chips, labor and shipping, making major purchases harder to justify. Furthermore, regulations like those in the EU now require easily replaceable batteries in new devices, meaning the part that wears out the fastest in a phone will be simpler and cheaper to swap out yourself.

So, what does it take to make sure your smartphone or laptop reliably lasts those years?

• Physical protection. Use cases, screen protectors, and maybe even a waterproof pouch.
• Proper storage. Avoid extreme temperatures, don’t leave it baking in direct sun or freezing overnight in a car at –15°C.
• Battery care. Avoid regularly draining it to single-digit percentages.
• Regular software updates. This is the trickiest part. Updates are essential for security, protecting your phone or laptop from new types of attacks. However, updates can sometimes cause slowdowns, overheating, or battery drain. The prudent approach is to wait about a week after a major OS update, check feedback from users with your exact model, and only install it if the coast seems clear.

Secure your smart home

The Smart Home is giving way to a new concept: the Intelligent Home. The idea is that neural networks will help your home make its own decisions about what to do and when, all for your convenience — without needing pre-programmed routines. Thanks to the Matter 1.3 standard, a smart home can now manage not just lights, TVs, and locks, but also kitchen appliances, dryers, and even EV chargers! Even more importantly, we’re seeing a rise in devices where Matter over Thread is the native, primary communication protocol, like the new IKEA KAJPLATS lineup. Matter-powered devices by different vendors can see and communicate with each other. This means you can, say, buy an Apple HomePod as your smart home central hub and connect Philips Hue bulbs, Eve Energy plugs, and IKEA BILRESA switches to it.

All of this means that smart and intelligent homes will become more common — and so will the ways to attack them. We have a detailed article on smart home security, but here are a few key tips relevant in light of the transition to Matter.

• Consolidate your devices into a single Matter fabric. Use the minimum number of controllers, for example, one Apple TV + one smartphone. If a TV or another device accessible to many household members acts as a controller, be sure to use password security and other available restrictions for critical functions.
• Choose a hub and controller from major manufacturers with a serious commitment to security.
• Minimize the number of devices connecting your Matter fabric to the internet. These devices, referred to as Border Routers, must be well-protected from external cyberattacks, for example, by restricting their access at the level of your home internet router.
• Regularly audit your home network for any suspicious, unknown devices. In your Matter fabric, this is done via your controller or hub, and in your home network via your primary router or a feature like Smart Home Monitor in Kaspersky Premium.

Kaspersky official blog – ​Read More

The Indian government has introduced explicit legal provisions under subsection 42(3)(c) and subsection 42(3)(f) of the Telecommunications Act, 2023, formally classifying the tampering with telecommunication identifiers and the willful possession of radio equipment using unauthorized or altered identifiers as criminal offenses. These measures are intended to address persistent challenges related to sim misuse, telecom fraud, and the exploitation of digital communication infrastructure across India. 

The legal clarification was outlined in a press release issued by the Press Information Bureau (PIB) on 17 December, following a written response in the Lok Sabha by Minister of State for Communications and Rural Development Dr. Pemmasani Chandra Sekhar. The response addressed the liability of mobile subscribers and broader cybersecurity concerns arising from the misuse of telecommunication resources. 

Legal Provisions Targeting Tampering and Unauthorized Equipment 

Under sub-section 42(3)(c) of the Telecommunications Act, 2023, any act involving the tampering of telecommunication identifiers is now treated as a punishable offence. Telecommunication identifiers include elements such as subscriber identity modules, equipment identity numbers, and other unique identifiers that form the basis of lawful access to communication networks. 

In parallel, sub-section 42(3)(f) criminalizes the willful possession of radio equipment when the individual knows that such equipment operates using unauthorized or tampered telecommunication identifiers. This provision is important in cases involving cloned devices, illegal intercept equipment, or modified communication hardware that can be used to bypass regulatory controls. 

The government has further reinforced these offences through Telecom Cyber Security Rules, which prohibit intentionally removing, obliterating, altering, or modifying unique telecommunication equipment identification numbers. The rules also bar individuals from producing, trafficking, using, or possessing hardware or software linked to telecommunication identifiers when they are aware that such configurations are unauthorized. 

Sim Misuse and Fraudulent Acquisition of Telecom Identifiers 

Addressing the broader issue of sim misuse, the Minister highlighted that sub-section 42(3)(e) of the Telecommunications Act, 2023, criminalizes the acquisition of subscriber identity modules or other telecommunication identifiers through fraud, cheating, or impersonation. Fraudulently obtained SIM cards have frequently been linked to cyber fraud, financial crimes, and identity theft, prompting the need for clear statutory deterrents. 

The government noted that responsibilities relating to “Police” and “Public Order” fall within the jurisdiction of State governments, as outlined in the Seventh Schedule of the Constitution of India. As a result, enforcement of these provisions relies on coordination between central regulatory authorities and State law enforcement agencies. 

To prevent misuse at the onboarding stage, the Department of Telecommunications (DoT) has mandated, through license conditions, that Telecom Service Providers (TSPs) conduct adequate verification of every customer before issuing SIM cards or activating services. 

Regulatory Oversight and Public Reporting Mechanisms 

Beyond criminal penalties, the regulatory framework stresses oversight and early detection of telecom-related abuse. The DoT has developed mechanisms that allow citizens to report suspected misuse of telecom resources, enabling authorities and service providers to identify patterns of fraud and deactivate offending numbers or connections. 

These measures are designed to hold offenders accountable while protecting legitimate subscribers from the consequences of sim misuse. By encouraging public reporting, authorities aim to strengthen collective vigilance against telecom-enabled cybercrime without shifting responsibility away from regulated entities. 

Policy Debate and Withdrawal of Mandatory App Installation 

The legal provisions under the Telecommunications Act gained broader public attention following controversy over a government directive that required the mandatory pre-installation of a related mobile application on all new smartphones. The directive sparked criticism from privacy advocates, opposition leaders, and technology companies, who raised concerns about user consent, surveillance risks, and excessive permissions. 

Amid growing public backlash and resistance from device manufacturers, the Ministry of Communications withdrew the mandatory pre-installation order in early December, clarifying that the application would remain voluntary. The government stated that its withdrawal did not affect the underlying legal framework established under the Telecommunications Act, 2023. 

The debate does not change the intent of the law. By criminalizing tampering with telecommunication identifiers and knowingly possessing radio equipment using unauthorized identifiers under sub-section 42(3)(c) and sub-section 42(3)(f), the framework establishes clear accountability for SIM misuse. As enforcement tightens, organizations need visibility into telecom-enabled fraud and infrastructure abuse. Cyble provides threat intelligence to help teams detect and assess these risks early.  

Request a personalized demo to see how Cyble supports proactive threat detection! 

References: 

• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2205349&reg=1&lang=1 

The post India Criminalizes Tampering with Telecommunication Identifiers and Unauthorized Radio Equipment Under the Telecommunications Act  appeared first on Cyble.

Cyble – ​Read More

In November 2025, Kaspersky experts uncovered a new stealer named Stealka, which targets Windows users’ data. Attackers are using Stealka to hijack accounts, steal cryptocurrency, and install a crypto miner on their victims’ devices. Most frequently, this infostealer disguises itself as game cracks, cheats and mods.

Here’s how the attackers are spreading the stealer, and how you can protect yourself.

How Stealka spreads

A stealer is a type of malware that collects confidential information stored on the victim’s device and sends it to the attackers’ server. Stealka is primarily distributed via popular platforms like GitHub, SourceForge, Softpedia, sites.google.com, and others, disguised as cracks for popular software, or cheats and mods for games. For the malware to be activated, the user must run the file manually.

Here’s an example: a malicious Roblox mod published on SourceForge.

Attackers exploited SourceForge, a legitimate website, to upload a mod containing Stealka

And here’s one on GitHub posing as a crack for Microsoft Visio.

A pirated version of Microsoft Visio containing the stealer, hosted on GitHub

Sometimes, however, attackers go a step further (and possibly use AI tools) to create entire fake websites that look quite professional. Without the help of a robust antivirus, the average user is unlikely to realize anything is amiss.

A fake website pretending to offer Roblox scripts

Admittedly, the cracks and software advertised on these fake sites can sometimes look a bit off. For example, here the attackers are offering a download for Half-Life 3, while at the same time claiming it’s not actually a game but some kind of “professional software solution designed for Windows”.

Malware disguised as Half-Life 3, which is also somehow “a professional software solution designed for Windows”. A lot of professionals clearly spent their best years on this software…

The truth is that both the page title and the filename are just bait. The attackers simply use popular search terms to lure users into downloading the malware. The actual file content has nothing to do with what’s advertised — inside, it’s always the same infostealer.

The site also claimed that all hosted files were scanned for viruses. When the user decides to download, say, a pirated game, the site displays a banner saying the file is being scanned by various antivirus engines. Of course, no such scanning actually takes place; the attackers are merely trying to create an illusion of trustworthiness.

The pirated file pretends to be scanned by a dozen antivirus tools

What makes Stealka dangerous

Stealka has a fairly extensive arsenal of capabilities, but its prime target is data from browsers built on the Chromium and Gecko engines. This puts over a hundred different browsers at risk, including popular ones like Chrome, Firefox, Opera, Yandex Browser, Edge, Brave, as well as many, many others.

Browsers store a huge amount of sensitive information, which attackers use to hijack accounts and continue their attacks. The main targets are autofill data, such as sign-in credentials, addresses, and payment card details. We’ve warned repeatedly that saving passwords in your browser is risky — attackers can extract them in seconds. Cookies and session tokens are perhaps even more valuable to hackers, as they can allow criminals to bypass two-factor authentication and hijack accounts without entering the password.

The story doesn’t end with the account hack. Attackers use these compromised accounts to spread the malware further. For example, we discovered the stealer in a GTAV mod posted on a dedicated site by an account that had previously been compromised.

Beyond stealing browser data, Stealka also targets the settings and databases of 115 browser extensions for crypto wallets, password managers, and 2FA services. Here are some of the most popular extensions now at risk:

• Crypto wallets: Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Exodus
• Two-factor authentication: Authy, Google Authenticator, Bitwarden
• Password management: 1Password, Bitwarden, LastPass, KeePassXC, NordPass

Finally, the stealer also downloads local settings, account data, and service files from a wide variety of applications:

• Crypto wallets. Wallet configurations may contain encrypted private keys, seed-phrase data, wallet file paths, and encryption parameters. That’s enough to at least make an attempt at stealing your cryptocurrency. At risk are 80 wallet applications, including Binance, Bitcoin, BitcoinABC, Dogecoin, Ethereum, Exodus, Mincoin, MyCrypto, MyMonero, Monero, Nexus, Novacoin, Solar, and many others.
• Messaging apps. Messaging app service files store account data, device identifiers, authentication tokens, and the encryption parameters for your conversations. In theory, a malicious actor could gain access to your account and read your chats. At risk are Discord, Telegram, Unigram, Pidgin, Tox, and others.
• Password managers. Even if the passwords themselves are encrypted, the configuration files often contain information that makes cracking the vault significantly easier: encryption parameters, synchronization tokens, and details about the vault version and structure. At risk are 1Password, Authy, Bitwarden, KeePass, LastPass, and NordPass.
• Email clients. These are where your account credentials, mail server connection settings, authentication tokens, and local copies of your emails can be found. With access to your email, an attacker will almost certainly attempt to reset passwords for your other services. At risk are Gmail Notifier Pro, Claws, Mailbird, Outlook, Postbox, The Bat!, Thunderbird, and TrulyMail.
• Note-taking apps. Instead of shopping lists or late-night poetry, some users store information in their notes that has no business being there, like seed phrases or passwords. At risk are NoteFly, Notezilla, SimpleStickyNotes, and Microsoft StickyNotes.
• Gaming services and clients. The local files of gaming platforms and launchers store account data, linked service information, and authentication tokens. At risk are Steam, Roblox, Intent Launcher, Lunar Client, TLauncher, Feather Client, Meteor Client, Impact Client, Badlion Client, and WinAuth for battle.net.
• VPN clients. By gaining access to configuration files, attackers can hijack the victim’s VPN account to mask their own malicious activities. At risk are AzireVPN, OpenVPN, ProtonVPN, Surfshark, and WindscribeVPN.

That’s an extensive list — and we haven’t even named all of them! In addition to local files, this infostealer also harvests general system data: a list of installed programs, the OS version and language, username, computer hardware information, and miscellaneous settings. And as if that weren’t enough, the malware also takes screenshots.

How to protect yourself from Stealka and other infostealers

• Secure your device with reliable antivirus software. Even downloading files from legitimate websites is no guarantee of safety — attackers leverage trusted platforms to distribute stealers all the time. Kaspersky Premium detects malware on your computer in time and alerts you to the threat.
• Don’t store sensitive information in browsers. It’s handy — no one can argue with that. But unfortunately browsers aren’t the most secure environment for your data. Sign-in credentials, bank card details, secret notes, and other confidential information are better kept in a securely encrypted format in Kaspersky Password Manager, which is immune to the exploits used by Stealka.
• Be careful with game cheats, mods, and especially pirated software. It’s better to pay up for official software than to chase the false savings offered by software cracks, and end up losing all your money.
• Enable two-factor authentication or use backup codes wherever possible. Two-factor authentication (2FA) makes life much harder for attackers, while backup codes help you regain access to your critical accounts if compromised. Just be sure not to store backup codes in text documents, notes, or your browser. For all your backup codes and 2FA tokens, use a reliable password manager.

Curious what other stealers are out there, and what they’re capable of? Read more in our other posts:

• Beware of stealers disguised as… wedding invitations
• AMOS infostealer distributed via ChatGPT chat-sharing feature
• Banshee: A stealer targeting macOS users
• Arcane stealer instead of Minecraft cheats
• Efimer Trojan using hacked websites to steal cryptocurrency

Kaspersky official blog – ​Read More