New Two-Stage Malware Duo Targets Crypto Wallets and Browser Data

Discover how LeakyInjector and LeakyStealer malware target crypto wallets and browsers on Windows, bypassing security with advanced techniques.
Content Team

Cybersecurity researchers have discovered LeakyInjector and LeakyStealer, a dangerous malware pair that specifically targets cryptocurrency wallets and browser information on Windows computers.

The attack starts with LeakyInjector quietly installing LeakyStealer into the explorer.exe process using advanced injection techniques that bypass security software. LeakyStealer then hunts for popular crypto wallets including Electrum, Exodus, MetaMask, and Coinbase Wallet, while also stealing browser history from Chrome, Edge, Brave, Opera, and Vivaldi.

Both malware components use valid digital certificates to appear legitimate and employ a "polymorphic engine" that modifies memory to evade detection. The malware establishes persistence by disguising itself as "MicrosoftEdgeUpdateCore.exe" and survives system restarts.
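A defender can hunt for the masquerade described above by checking where a process named "MicrosoftEdgeUpdateCore.exe" runs from and who signed it, since a valid signature alone proves nothing here. This is an added example, not code from the researchers; the event field names, the trusted install directories, the expected signer and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

TARGET_NAME = "microsoftedgeupdatecore.exe"  # file name given in the article
# Assumption: usual install locations of the genuine Edge updater.
TRUSTED_DIRS = [
    re.compile(r"^c:\\program files \(x86\)\\microsoft\\edgeupdate\\", re.I),
    re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\microsoft\\edgeupdate\\", re.I),
]
TRUSTED_SIGNER = "microsoft corporation"  # assumption: expected signer name

# Constructed process-creation events (hypothetical field names), not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.0.0\MicrosoftEdgeUpdateCore.exe",
     "Signed": True, "Signer": "Microsoft Corporation"},
    {"Image": r"C:\Users\alice\AppData\Roaming\MicrosoftEdgeUpdateCore.exe",
     "Signed": True, "Signer": "Example Trading Ltd"},
    {"Image": r"C:\Program Files (x86)\Microsoft\EdgeUpdate\..\..\..\ProgramData\MicrosoftEdgeUpdateCore.exe",
     "Signed": False, "Signer": None},
    {"Image": r"C:\Windows\explorer.exe", "Signed": True, "Signer": "Microsoft Windows"},
]

def check_event(event):
    """Return the reasons an event looks like a masquerade (empty list if none)."""
    # Normalise first so "..\" segments cannot fake a trusted prefix.
    image = ntpath.normpath(event.get("Image", ""))
    if ntpath.basename(image).lower() != TARGET_NAME:
        return []
    reasons = []
    if not any(p.match(image) for p in TRUSTED_DIRS):
        reasons.append("unexpected_path")
    # The article notes valid certificates are used, so compare the signer
    # identity instead of trusting any signed binary.
    if not event.get("Signed"):
        reasons.append("unsigned")
    elif (event.get("Signer") or "").strip().lower() != TRUSTED_SIGNER:
        reasons.append("unexpected_signer")
    return reasons

def hunt(events):
    """Return (image, reasons) for every event that needs review."""
    return [(e["Image"], r) for e in events if (r := check_event(e))]

if __name__ == "__main__":
    for image, reasons in hunt(SAMPLE_EVENTS):
        print(f"REVIEW {image}: {', '.join(reasons)}")
```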

Users should update security software, avoid untrusted downloads, and consider hardware wallets for crypto storage.

Source: Cybersecurity News
