BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

ModStealer Malware Evades Detection, Targets Crypto Wallets

Malware spreads through fake recruiter ads aimed at developers.

  • New Malware called ModStealer targets crypto wallets on Windows, macOS, and Linux.
  • ModStealer evades common antivirus detection and steals sensitive data.
  • It disguises itself as a helper program and sends stolen details to remote servers.
  • Experts warn it poses a serious risk to crypto users and digital asset platforms.

A newly identified malware called ModStealer is actively targeting cryptocurrency users by stealing data from browser-based wallet extensions on computers running Windows, Linux, and macOS. The malware was discovered in early September after operating undetected for nearly a month and is distributed using fake job recruiter ads designed to reach developers.

- Advertisement -

According to security company Mosyle, the malware is spread through misleading advertisements that specifically target developers likely to have Node.js environments already set up. These ads contain obfuscated code, helping ModStealer avoid being flagged by most major antivirus tools. Once downloaded, the malware searches the infected system for browser wallet extensions, login credentials, and digital certificates.

Shān Zhang, the chief information security officer at blockchain security group Slowmist, stated to Decrypt that ModStealer works across multiple operating systems and “evades detection by mainstream antivirus solutions and poses significant risks to the broader digital asset ecosystem.” Once running, ModStealer sends all stolen information to command and control (C2) servers operated by attackers. C2 servers are systems cybercriminals use to coordinate and manage malware activities remotely.

On macOS devices, ModStealer persists by setting itself up as a background helper application that launches on startup. Signs of infection include the presence of a hidden file named “.sysupdater.dat” and unusual connections to suspicious servers. Zhang explained that its use of common persistence methods combined with strong code obfuscation help it remain undetected by signature-based security tools.

This discovery comes just after Ledger CTO Charles Guillemet warned of another breach involving an NPM developer account compromise that could have replaced crypto wallet addresses in user transactions. Although that attack was stopped early, Guillemet said packages had been set up to target Ethereum, Solana, and other blockchains.

- Advertisement -

Zhang cautioned that “private keys, seed phrases, and exchange API keys may be compromised, resulting in direct asset loss” for users. For the industry, he added, “mass theft of browser extension wallet data could trigger large-scale on-chain exploits.”

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Iranian Cavern Manticore Hacks Israeli Firms

An Iranian state-backed hacking group is using a new modular C2 framework, Cavern, targeting...

Microsoft Cuts 4,800 Jobs; Dow Hits Record High

Major U.S. stock indices rose on Monday, led by a rebound in technology and...

Saylor’s Strategy Sells $216M in Bitcoin At a Loss

Michael Saylor’s Strategy sold 3,588 BTC for $216 million, marking its first major sale...

New Linux KVM Bug Lets Guest Crash Host

A critical vulnerability dubbed 'Januscape' (CVE-2026-53359) allows a guest virtual machine to panic or...

Microsoft lays off 1,600, refocuses Xbox on AI

Microsoft is laying off approximately 1,600 Xbox employees immediately and eliminating another 1,250 roles...

Must Read

Top 9 Most Legit Bitcoin Faucets

Bitcoin faucets are platforms where you can earn Bitcoin free. Some other faucet apps and websites allow users to receive different cryptocurrencies for free....
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading