Researchers Warn of ‘ModStealer,’ an Undetected Cross-Platform Threat Draining Browser Crypto Wallets

The malware spreads through fake developer recruiter ads using obfuscated Node.js code to evade signature-based antivirus.

Overview

  • Mosyle says the infostealer has evaded all major antivirus engines for nearly a month since first surfacing on VirusTotal.
  • The strain targets macOS, Windows, and Linux, scanning for 56 browser wallet extensions while harvesting credentials, configuration data, and certificates.
  • Capabilities include clipboard hijacking, screen capture, and remote code execution that could grant attackers broad control of infected devices.
  • On macOS it persists via launchctl as a LaunchAgent, with signs of infection including a hidden .sysupdater.dat file and traffic to 95.217.121.184.
  • Security experts warn of direct risk to crypto users and platforms and urge behavior-based monitoring and caution around developer-focused job links; Mosyle assesses that the strain is sold as malware-as-a-service (MaaS).
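The macOS indicators in the last two points can be turned into a quick host check. The script below is an added example, not code from Mosyle or Particle.news; it assumes the hidden `.sysupdater.dat` may sit anywhere under the user's home directory and that the LaunchAgent plist lives in `~/Library/LaunchAgents` (the summary above gives neither the plist label nor the file's exact path).

```shell
#!/bin/sh
# Added example: host check for the ModStealer indicators named above.
# Assumed (not stated in the report): .sysupdater.dat may be anywhere under
# the home directory; the persistence plist is in ~/Library/LaunchAgents.

IOC_FILE=".sysupdater.dat"      # hidden file the report names
IOC_IP="95.217.121.184"         # C2 address the report names

# scan_home <home_dir>
# Prints one "HIT:" line per indicator found. Returns 0 when the home
# directory is clean and 1 when at least one indicator is present.
scan_home() {
    home="$1"
    hits=0

    # 1. The hidden file, wherever it sits under the home directory.
    files=$(find "$home" -name "$IOC_FILE" 2>/dev/null || true)
    if [ -n "$files" ]; then
        printf '%s\n' "$files" | sed 's/^/HIT: hidden file /'
        count=$(printf '%s\n' "$files" | wc -l | tr -d ' ')
        hits=$((hits + count))
    fi

    # 2. LaunchAgent plists that reference the file or the C2 address,
    #    i.e. the launchctl persistence the report describes.
    for plist in "$home"/Library/LaunchAgents/*.plist; do
        [ -f "$plist" ] || continue
        if grep -q -e "$IOC_FILE" -e "$IOC_IP" "$plist"; then
            echo "HIT: LaunchAgent $plist references a ModStealer indicator"
            hits=$((hits + 1))
        fi
    done

    [ "$hits" -eq 0 ]
}

# Usage: sh scan_modstealer.sh /Users/<name>   (no output means clean)
if [ $# -gt 0 ]; then
    scan_home "$1"
fi
```

The plist grep only catches the C2 address where it is hard-coded in the agent; live connections to that address still need a network-side check.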