The new malware ModStealer can bypass antivirus software to steal cryptocurrency wallets
ChainCatcher news: according to market reports, security company Mosyle has disclosed a cross-platform malware called ModStealer, which can disguise itself as a background helper program to bypass mainstream antivirus detection and specifically targets browser cryptocurrency wallet data on Windows, Linux, and macOS systems.
The malware spreads by masquerading as job advertisements and targets developers who have a Node.js environment installed. ModStealer can run automatically and collect wallet extensions, system credentials, and digital certificates, then upload the data to a remote C2 server. Security experts warn that this malware poses a direct threat to cryptocurrency users and platforms, potentially leading to the leakage of private keys, recovery phrases, and API keys and triggering large-scale on-chain attacks.








