ChainCatcher reported, citing market sources, that security company Mosyle has disclosed a cross-platform malware called ModStealer. It disguises itself as a background helper program to evade detection by mainstream antivirus software, and it is built to steal browser crypto wallet data on Windows, Linux, and macOS systems.
The malware is spread through disguised recruitment advertisements and targets developers who have the Node.js environment installed. ModStealer can run automatically and collect wallet extensions, system credentials, and digital certificates, then upload the data to a remote C2 server. Security experts warn that this malware poses a direct threat to crypto users and platforms, potentially leading to the leakage of private keys, mnemonic phrases, and API keys, which could trigger large-scale on-chain attacks.