ModStealer Malware Evades Detection, Targets Crypto Wallet Data

New Malware Targets Crypto Wallets with Advanced Evasion Techniques

  • A new malware strain, ModStealer, is built to steal crypto wallet data while evading detection by major antivirus engines.
  • It is distributed through fake recruiter job ads aimed at developers and delivered as a heavily obfuscated Node.js script.
  • The obfuscation leaves signature-based antivirus tools nothing stable to match on, so the script passes traditional static scans; it does nothing to hide the malware's behaviour from runtime monitoring.
  • ModStealer is cross-platform, running on macOS, Windows, and Linux, and is built primarily for data exfiltration.
  • The malware targets 56 browser wallet extensions, extracting private keys, credentials, and certificates.
  • It also supports clipboard hijacking, screen capture, and remote code execution, giving the operator near-total control of an infected device.
  • On macOS it persists by registering itself as a LaunchAgent with Apple's launchctl utility, so it is relaunched at every login.
  • ModStealer fits the "Malware-as-a-Service" model, in which ready-made stealers are rented to affiliates, and is part of a recent surge in infostealers.
  • Recent npm supply-chain attacks that used Ethereum smart contracts to hide the location of their payloads show how quickly techniques aimed at crypto wallets are escalating across ecosystems.

Investors and developers alike should treat these developments as a significant risk to crypto assets and the infrastructure around them.
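
The persistence and obfuscation points above suggest a practical hunting check: enumerate LaunchAgent plists, flag any that start a script interpreter from a temp or hidden path with RunAtLoad and KeepAlive set, and score the referenced JavaScript for common obfuscation markers. The script below is an added example written for this write-up, not code from the ModStealer report or from any vendor named here. The agent labels, the drop path, the sample obfuscated script, and the interpreter and path heuristics are all constructed assumptions; on a real Mac you would point triage_dir() at ~/Library/LaunchAgents and /Library/LaunchAgents.

```python
"""Triage macOS LaunchAgent plists for ModStealer-style persistence.
Added example, not code from the ModStealer report or any vendor named here;
labels, paths and the sample script are constructed. On a real host call
triage_dir(Path.home() / "Library/LaunchAgents") and the same on /Library/LaunchAgents."""
import math
import os
import plistlib
import re
import tempfile
from pathlib import Path

# Interpreters that let a plist run an arbitrary dropped script (hypothetical starting list).
SCRIPT_RUNNERS = {"node", "osascript", "python", "python3", "sh", "bash", "zsh"}
# Path fragments a signed vendor agent rarely runs from; "/." catches hidden dirs like ~/.cache.
SUSPICIOUS_PATHS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/", "/.")
# Markers typical of javascript-obfuscator style output.
OBFUSCATION_MARKERS = (
    re.compile(r"_0x[0-9a-f]{4,}"),                       # _0xabcd identifiers
    re.compile(r"\\x[0-9a-f]{2}(?:\\x[0-9a-f]{2}){3,}"),  # runs of hex-escaped chars
    re.compile(r"\beval\s*\("),
    re.compile(r"new\s+Function\s*\("),
    re.compile(r"String\.fromCharCode\s*\("),
)

def shannon_entropy(text: str) -> float:
    """Bits per character; densely packed obfuscated JS usually exceeds 5."""
    if not text:
        return 0.0
    n, counts = len(text), {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def js_obfuscation_score(source: str) -> int:
    """Number of obfuscation indicators found in a JS source string."""
    score = sum(1 for rx in OBFUSCATION_MARKERS if rx.search(source))
    return score + (1 if shannon_entropy(source) > 5.0 else 0)

def triage_plist(path: Path) -> dict:
    """Return the launch command and every reason the agent looks suspicious."""
    with path.open("rb") as f:
        plist = plistlib.load(f)
    args = [a for a in (plist.get("ProgramArguments") or [plist.get("Program", "")]) if a]
    label = plist.get("Label", "")
    reasons = []
    if args and os.path.basename(args[0]) in SCRIPT_RUNNERS:
        reasons.append(f"interpreter {os.path.basename(args[0])} started by LaunchAgent")
    if any(frag in a for a in args for frag in SUSPICIOUS_PATHS):
        reasons.append("executes from a temp or hidden path")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive: relaunched if killed")
    if label.startswith("com.apple."):
        reasons.append("label borrows Apple's namespace")
    script = next((Path(a) for a in args if a.endswith(".js")), None)
    if script is not None and script.is_file():
        score = js_obfuscation_score(script.read_text(errors="replace"))
        if score >= 2:
            reasons.append(f"referenced script shows {score} obfuscation indicators")
    return {"plist": path.name, "label": label, "args": args, "reasons": reasons}

def triage_dir(directory: Path) -> dict:
    """Map each *.plist in directory to its list of reasons (empty = nothing flagged)."""
    return {p.name: triage_plist(p)["reasons"] for p in sorted(directory.glob("*.plist"))}

# Constructed samples: a benign vendor updater and an obfuscated Node.js stealer script.
BENIGN_PLIST = {"Label": "com.example.updater", "RunAtLoad": True,
                "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"]}
SUSPECT_JS = r"""var _0x4a2b=['\x6c\x6f\x67','\x68\x65\x6c\x6c\x6f'];
(function(){eval(String.fromCharCode(99,111,110,115,111,108,101));})();"""

def run_demo() -> dict:
    """Write the constructed samples into a temp dir and triage them."""
    with tempfile.TemporaryDirectory() as tmp:
        agents, hidden = Path(tmp) / "LaunchAgents", Path(tmp) / ".cache"
        agents.mkdir()
        hidden.mkdir()
        script = hidden / "sysmond.js"            # hidden drop location
        script.write_text(SUSPECT_JS)
        suspect_plist = {"Label": "com.apple.helper.sysmond",  # hypothetical Apple-looking label
                         "ProgramArguments": ["/usr/local/bin/node", str(script)],
                         "RunAtLoad": True, "KeepAlive": True}
        for name, data in (("com.example.updater.plist", BENIGN_PLIST),
                           ("com.apple.helper.sysmond.plist", suspect_plist)):
            with (agents / name).open("wb") as f:
                plistlib.dump(data, f)
        return triage_dir(agents)

if __name__ == "__main__":
    for name, reasons in run_demo().items():
        print(name, "->", reasons or ["no findings"])
```

The benign updater produces no findings; the constructed Node.js agent is flagged on all five heuristics. None of these signals is conclusive on its own (plenty of legitimate tooling runs node from a LaunchAgent), which is why the script reports reasons rather than a verdict and leaves the decision to the analyst.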