ModStealer Malware Evades Antivirus to Target Crypto Wallets Across Platforms

Security researchers warn that ModStealer, a stealth infostealer targeting developers, can compromise crypto wallets across Windows, macOS, and Linux through obfuscated Node.js code and fake job ads.

Fact Check
All three provided sources, including the reputable CoinDesk, corroborate the statement. They confirm the existence of 'ModStealer' malware, its cross-platform nature, its ability to evade antivirus detection, and its specific targeting of cryptocurrency wallets.
Summary

Mosyle researchers discovered ModStealer, a new cross-platform infostealer malware designed to exfiltrate sensitive data, including crypto wallet private keys, from Windows, macOS, and Linux systems. Distributed through fake recruiter job ads aimed at developers, ModStealer hides within heavily obfuscated Node.js code to avoid antivirus detection. It can target 56 browser wallet extensions, capture clipboard and screen data, and execute malicious code remotely. Stolen data is routed through servers in Finland and Germany. Mosyle emphasized that signature-based defenses are insufficient, urging continuous monitoring and behavior-based security measures.
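The behavior-based monitoring Mosyle recommends can be illustrated with a small correlation rule. The example below is added here and is not code from Mosyle or from the article; the telemetry line format, the wallet-extension path markers, the allowlisted hosts and the sample events are all constructed assumptions. It looks for a single Node.js process that combines several of the behaviors described above (reading browser extension storage, reading the clipboard, capturing the screen, talking to an unexpected host) rather than matching any file signature.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not real ModStealer data): one event per line,
# "pid image action target". The field layout is an assumption for this example.
SAMPLE_EVENTS = """\
4101 node file_read /home/dev/project/package.json
4101 node net_connect registry.npmjs.org:443
5207 node file_read /home/dev/.config/google-chrome/Default/Local Extension Settings/EXT_ID_PLACEHOLDER/000003.log
5207 node clipboard_read -
5207 node screen_capture -
5207 node net_connect 203.0.113.7:443
6300 firefox file_read /home/dev/.mozilla/firefox/abc.default/storage/default/moz-extension+++PLACEHOLDER/idb/x.sqlite
"""

EVENT_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(.+)$")

# Hypothetical path fragments that indicate browser extension storage; real
# wallet extension IDs from the article are not used here.
WALLET_EXT_MARKERS = (
    "/Local Extension Settings/",
    "/IndexedDB/chrome-extension_",
    "/moz-extension+++",
)
# Hosts a developer's Node.js process is normally expected to reach (assumed allowlist).
EXPECTED_HOSTS = {"registry.npmjs.org", "github.com"}
NODE_IMAGES = {"node", "node.exe"}


def parse_events(text):
    """Parse the constructed telemetry format into (pid, image, action, target) tuples."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            pid, image, action, target = m.groups()
            events.append((int(pid), image, action, target))
    return events


def score_processes(events):
    """Return {pid: sorted list of behavioral reasons} for Node.js processes only."""
    reasons = defaultdict(set)
    for pid, image, action, target in events:
        if image.lower() not in NODE_IMAGES:
            continue  # a browser reading its own extension storage is normal
        if action == "file_read" and any(mk in target for mk in WALLET_EXT_MARKERS):
            reasons[pid].add("reads browser wallet-extension storage")
        elif action == "clipboard_read":
            reasons[pid].add("reads clipboard")
        elif action == "screen_capture":
            reasons[pid].add("captures screen")
        elif action == "net_connect":
            host = target.rsplit(":", 1)[0]
            if host not in EXPECTED_HOSTS:
                reasons[pid].add(f"connects to unexpected host {host}")
    return {pid: sorted(r) for pid, r in reasons.items()}


def flag_suspicious(events, min_reasons=2):
    """PIDs whose combined behaviors cross the threshold; one behavior alone is not enough."""
    return {pid: r for pid, r in score_processes(events).items() if len(r) >= min_reasons}


if __name__ == "__main__":
    for pid, r in flag_suspicious(parse_events(SAMPLE_EVENTS)).items():
        print(f"pid {pid}: " + "; ".join(r))
```

Requiring two or more distinct behaviors from the same process is what keeps the rule from firing on a legitimate build that only reads `package.json` and talks to the npm registry, while the process that touches extension storage, the clipboard and an unknown host is surfaced regardless of how its JavaScript was obfuscated.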

Terms & Concepts
  • Infostealer: A type of malware designed to steal sensitive information such as credentials, private keys, or financial data from infected systems.
  • Malware-as-a-Service (MaaS): A cybercrime business model where malware developers lease or sell malware kits to affiliates for deployment in exchange for payment.
  • Node.js: An open-source, cross-platform JavaScript runtime that executes code outside a browser; attackers often abuse it because it is routinely installed and trusted on developer machines, where it runs with the developer's broad permissions.