Malware Discovered by Researchers, Secretly Draining Cryptocurrency from Browser Wallets, Remains Undetected

Cross-platform malware named ModStealer, unveiled by security firm Mosyle, stealthily bypasses antivirus systems and concentrates its attacks on browser wallets.

Unmasked: Crypto Theft Malware Remains Untraceable As It Empties Web-Based Crypto Wallets

A new malware strain called ModStealer has been discovered, slipping past antivirus checks and targeting crypto wallets on Windows, Linux, and macOS systems. This malware, first detected by cybersecurity researcher Kafeine, has remained undetected by major antivirus engines for almost a month at the time of disclosure.

ModStealer is delivered through fake job recruiter ads targeting developers. Once executed, it scans for browser-based crypto wallet extensions, system credentials, and digital certificates. It can also steal single files, groups of files, or entire folders, and takes screenshots on demand.

On macOS, ModStealer sets itself up to run automatically every time the computer starts by disguising itself as a background helper program. This persistence makes it resilient against signature-based security tools.

ModStealer evades mainstream antivirus solutions, suppresses error output, and uses innocuous file and process names to avoid drawing attention. A hidden file named ".sysupdater.dat" and connections to a suspicious server may indicate a ModStealer infection.
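The two preceding paragraphs give a defender exactly two hunting leads: a background helper registered to run at startup, and the hidden file name ".sysupdater.dat". The script below is an added example, not code from the article, from Mosyle, or from Kafeine. The only indicator it takes from the page is that file name; the `~/Library/LaunchAgents` location, the plist keys it inspects, and the "RunAtLoad agent launching a hidden file" heuristic are assumptions about how a user-level macOS background helper is normally registered, not details the article provides. It builds a constructed sample home directory so it runs offline; on a real machine you would point the two scan functions at `Path.home()`.

```python
"""Hunt for the ModStealer indicator named in the article in a macOS home directory.

Added example, not code from the article or from Mosyle. The only indicator taken
from the page is the hidden file name ".sysupdater.dat". The LaunchAgents location
and the plist keys checked here are assumptions about how a user-level macOS
background helper is typically registered, not details the article gives.
"""
import os
import plistlib
import tempfile
from pathlib import Path

INDICATOR_FILE = ".sysupdater.dat"  # file name reported in the article


def find_indicator_files(root: Path) -> list:
    """Return every path under root whose file name matches the indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == INDICATOR_FILE:
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def suspicious_launch_agents(agents_dir: Path) -> list:
    """Parse each LaunchAgent plist and flag the ones worth a closer look.

    Two heuristics (both assumptions, not from the article):
      * any Program / ProgramArguments entry whose basename is the indicator file;
      * a RunAtLoad agent whose program path is an absolute, dot-prefixed file,
        since legitimate helpers rarely launch hidden executables.
    """
    findings = []
    if not agents_dir.is_dir():
        return findings
    for plist_path in sorted(agents_dir.glob("*.plist")):
        try:
            with plist_path.open("rb") as fh:
                data = plistlib.load(fh)
        except (plistlib.InvalidFileException, ValueError) as exc:
            findings.append({"plist": str(plist_path), "label": None,
                             "reason": f"unparseable plist: {exc}"})
            continue
        label = data.get("Label")
        candidates = []
        if isinstance(data.get("Program"), str):
            candidates.append(data["Program"])
        candidates += [a for a in data.get("ProgramArguments", []) if isinstance(a, str)]
        run_at_load = bool(data.get("RunAtLoad", False))
        for arg in candidates:
            base = os.path.basename(arg)
            if base == INDICATOR_FILE:
                reason = f"references indicator file {INDICATOR_FILE}"
            elif run_at_load and os.path.isabs(arg) and base.startswith("."):
                reason = f"RunAtLoad agent launching hidden file {arg}"
            else:
                continue
            findings.append({"plist": str(plist_path), "label": label, "reason": reason})
            break  # one finding per plist is enough for triage
    return findings


def build_constructed_sample(root: Path) -> None:
    """Lay out a constructed sample home directory (not a real infection):
    one benign agent and one that launches the hidden indicator file."""
    agents = root / "Library" / "LaunchAgents"
    agents.mkdir(parents=True, exist_ok=True)
    hidden = root / INDICATOR_FILE
    hidden.write_bytes(b"constructed sample content")
    benign = {"Label": "com.example.benign",
              "ProgramArguments": ["/usr/bin/true"], "RunAtLoad": True}
    helper = {"Label": "com.example.helper",
              "ProgramArguments": ["/bin/sh", str(hidden)], "RunAtLoad": True}
    with (agents / "com.example.benign.plist").open("wb") as fh:
        plistlib.dump(benign, fh)
    with (agents / "com.example.helper.plist").open("wb") as fh:
        plistlib.dump(helper, fh)


def run_demo() -> dict:
    """Build the constructed sample in a temp dir, scan it, and summarise the results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_constructed_sample(root)
        files = find_indicator_files(root)
        agents = suspicious_launch_agents(root / "Library" / "LaunchAgents")
        return {
            "indicator_files": len(files),
            "flagged_labels": [f["label"] for f in agents],
        }


if __name__ == "__main__":
    # On a live machine, call the two scan functions on Path.home() and
    # Path.home() / "Library" / "LaunchAgents" instead of the constructed sample.
    print(run_demo())
```

The file-name match is the only part grounded in the article; the plist heuristic is there because a file name alone is a weak indicator once the operators rename it, whereas an autostart entry that launches a hidden file from the home directory is unusual regardless of the name and is the kind of persistence the article describes.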

According to Shān Zhang, chief information security officer at blockchain security firm Slowmist, ModStealer poses significant risks to the broader digital asset ecosystem. It can potentially lead to direct asset loss for end-users and large-scale on-chain exploits for the crypto industry.

The discovery of ModStealer follows a related warning from Ledger CTO Charles Guillemet about compromised NPM developer accounts. ModStealer can run terminal commands such as changing directories or launching Bash, continuously sends details about the infected computer to a command-and-control (C2) server, and waits for further instructions from it.

ModStealer poses a direct threat to crypto users and platforms. It checks the clipboard for copied wallet addresses and can exfiltrate the data to these remote C2 servers. Its persistence methods combined with strong obfuscation make it resilient against signature-based security tools.

As cyber threats continue to evolve, it is essential for users and platforms to stay vigilant and implement robust security measures to protect their digital assets.
