According to PANews, security firm Mosyle has identified a cross-platform malware named ModStealer, which can bypass mainstream antivirus software by disguising itself as a background assistant program. This malware specifically targets browser-based crypto wallet data on Windows, Linux, and macOS systems. It spreads through fake job advertisements and primarily targets developers with Node.js environments installed.
ModStealer executes automatically and collects data from wallet extensions, system credentials, and digital certificates, then uploads it to a remote command-and-control (C2) server. Security experts warn that this malware poses a direct threat to cryptocurrency users and platforms, potentially leading to the exposure of private keys, mnemonic phrases, and API keys, which could result in large-scale on-chain attacks.