Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Modstealer malware bypasses antivirus, targets crypto wallets

Security researchers say the strain scans systems for wallets, credentials, and certificates across all major operating systems.

byKerem Gülen
September 12, 2025
in Cybersecurity

A newly discovered malware strain called ModStealer has the capacity to bypass antivirus software and steal data from cryptocurrency wallets across Windows, Linux, and macOS operating systems.

The malware was revealed Thursday and initially reported by 9to5Mac, based on information from security firm Mosyle.

ModStealer cryptocurrency malware operated undetected for nearly one month

ModStealer had been operational for nearly a month before detection, remaining hidden from prominent antivirus engines during this period. The malware spreads through deceptive job recruiter advertisements specifically targeting software developers.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Mosyle indicated this distribution method ensures the malware reaches individuals likely to have Node.js environments installed, making them prime targets for cryptocurrency-related attacks.

Multi-platform support enables widespread targeting

Shān Zhang, chief information security officer at blockchain security firm Slowmist, stated that ModStealer “evades detection by mainstream antivirus solutions and poses significant risks to the broader digital asset ecosystem.”

Zhang noted that “Unlike traditional stealers, ModStealer stands out for its multi-platform support and stealthy ‘zero-detection’ execution chain,” enabling attacks across multiple operating systems simultaneously.

Comprehensive system scanning targets crypto assets

After execution, ModStealer initiates a thorough scan of infected systems, searching for browser-based cryptocurrency wallet extensions, system credentials, and digital certificates. On macOS systems, the malware employs a persistence mechanism by masquerading as a background helper program.

This persistence ensures automatic execution upon system startup, maintaining continuous operation without user intervention or awareness.

How to detect potential ModStealer infections

Users can identify possible ModStealer infections by checking for these indicators:

  • Hidden file named “.sysupdater.dat” on the system,
  • Outbound network connections to suspicious or unknown servers,
  • Unexpected background processes running at startup,
  • Unusual cryptocurrency wallet extension behavior,
  • Unauthorized access attempts to digital certificates.

Zhang explained that “Although common in isolation, these persistence methods combined with strong obfuscation make ModStealer resilient against signature-based security tools.”

Direct threat to cryptocurrency users and platforms

Zhang emphasized ModStealer’s potential impact on individual users and the broader cryptocurrency ecosystem. For individual users, “private keys, seed phrases, and exchange API keys may be compromised, resulting in direct asset loss.”

For the cryptocurrency industry, Zhang warned that “mass theft of browser extension wallet data could trigger large-scale on-chain exploits, eroding trust and amplifying supply chain risks.”

How to protect cryptocurrency wallets from ModStealer

Cryptocurrency users can implement these protective measures:

  • Use hardware wallets instead of browser extensions for significant holdings,
  • Enable multi-factor authentication on all cryptocurrency accounts,
  • Regularly update antivirus software and enable real-time scanning,
  • Avoid clicking suspicious job recruitment advertisements,
  • Monitor system startup processes for unauthorized applications,
  • Backup seed phrases offline in secure physical locations,
  • Use separate devices for cryptocurrency transactions when possible.

Featured image credit

Tags: CryptocurrencyModstealer

Related Posts

Free and effective anti-robocall tools are now available

Free and effective anti-robocall tools are now available

October 3, 2025
WestJet cyberattack: 1.2m passengers’ data stolen

WestJet cyberattack: 1.2m passengers’ data stolen

October 2, 2025
Wiz: AI vibe coding leads to insecure authentication

Wiz: AI vibe coding leads to insecure authentication

September 29, 2025
DHS uses AI to detect AI-generated child abuse material

DHS uses AI to detect AI-generated child abuse material

September 29, 2025
Salesforce Agentforce hit by Noma “ForcedLeak” exploit

Salesforce Agentforce hit by Noma “ForcedLeak” exploit

September 26, 2025
Co-op Group reports £75m loss after April cyber-attack

Co-op Group reports £75m loss after April cyber-attack

September 25, 2025

LATEST NEWS

ChatGPT reportedly reduces reliance on Reddit as a data source

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Light-powered chip makes AI computation 100 times more efficient

Free and effective anti-robocall tools are now available

Choosing the right Web3 server: OVHcloud options for startups to enterprises

Z.AI GLM-4.6 boosts context window to 200K tokens

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.