ModStealer Virus platform-agnostic Invisible Crypto Wallet Thief

The malware, the ModStealer, silently attacks crypto wallets of Windows, Mac, and Linux by bypassing antivirus protection using fake job advertisements.

ModStealer is a typical cross-platform malware that harvests crypto assets in browser wallets and presents a novel threat to cryptocurrency users. It has been in operation for almost a month, unnoticed by major antivirus systems

This malware attacks Windows, macOS, and Linux operating systems and steals private keys and credentials associated with 56 browser wallet extensions, which also includes Safari.

ModStealer is distributed using counterfeit ads as job recruiters. The victims are duped into loading a rogue JavaScript panel coded in NodeJS, which avoids signature-based antivirus detection

The malware extracts the data, including the keys of the private keys, configuration files, and certificates required to access the crypto wallet, stealthily.

ModStealer’s Dark Arsenal: Clipboard, Screen Capture, Remote Control

In addition to stealing wallets, the malware gets clipboard data and screenshots. Worse still, it provides the attackers with the power of remote code execution, and this could provide complete access to the infected devices

On Mac OS, the ModStealer continues to operate by posing as a background process through the use of launchctl in Apple, silently watching and stealing data to servers that are thought to be connected to the infrastructure that may be hiding within Europe.

Analysts point out how the business of Malware-as-a-Service (MaaS), in which cybercriminals create advanced malware such as ModStealer and rent it to affiliates with minimal technical expertise, is on the rise

This type of model increases the scope and influence of malware campaigns against digital assets.

Researchers of Mosyle caution that a signature-based defense is no longer adequate

Such nefarious malware threats can only be countered by constant behavior surveillance and sophisticated threat detection.