Newly discovered malware nicknamed Modstealer evades antivirus systems and targets crypto wallets on Windows, macOS and Linux, according to researchers from the Apple device security company Mosyle.
Key takeaways:
- The Modstealer malware evades antivirus detection and targets crypto wallets across Windows, macOS and Linux.
- The malware spreads through fake advertisements and extracts private keys, credentials and wallet data.
- Researchers warn that Modstealer is part of a growing malware-as-a-service trend.
Modstealer has remained undetected by the major antivirus engines since it was first uploaded to VirusTotal almost a month ago, 9to5Mac reported Thursday.
The malware is distributed through fake job-recruiter advertisements aimed at developers, an increasingly common tactic among cybercriminals.
Victims were tricked into executing a malicious JavaScript file
Victims are led to run a malicious JavaScript file written in Node.js, which avoids detection by traditional signature-based defenses.
Unlike more basic infostealers, Modstealer is loaded with features designed for stealth and scale.
It targets 56 browser-based crypto wallet extensions, including those for Safari, and can extract private keys, credentials, configuration files and certificates.
Clipboard and screen capture tools are also built in, alongside remote code execution, which can give attackers almost total control of an infected device.
On macOS, the malware uses Apple's launchctl tool to gain persistence by dropping a launch agent.
From there, it silently monitors activity and sends data to a remote server that is reportedly hosted in Finland but routed through German infrastructure.
Researchers believe Modstealer is part of a growing malware-as-a-service (MaaS) ecosystem, in which advanced malware packages are sold to affiliates who deploy them without needing technical expertise.
This reflects a broader trend in cybercrime: infostealers now dominate Mac malware, with Jamf reporting a 28% increase in these threats in 2025 alone.
The implications for crypto users are particularly serious, given the malware's focus on wallet extensions and sensitive blockchain credentials.
“It’s just a Mac problem,” Mosyle said in a statement. “The multiplatform nature of Modstealer, combined with its furtive distribution model and MaaS, represents an evolving threat to developers, traders and businesses.”
With its emphasis on evading antivirus systems, the campaign highlights the need for more advanced, behavior-based security solutions.
Investor loses $3 million in crypto phishing scam
As reported, a cryptocurrency investor fell victim to a phishing scam, losing $3.05 million in Tether (USDT) after unknowingly signing a malicious blockchain transaction.
The loss, reported Wednesday by a blockchain analysis platform, underlines the growing threat of phishing attacks targeting digital asset holders.
The attacker exploited a common habit among crypto users: checking only the first and last characters of a wallet address while ignoring the middle.
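A wallet front end or a pre-signing script can replace that ends-only glance with a full-string comparison against a saved address book and flag destinations that merely imitate a known entry. The following is an added example, not part of the original article; the function names, the four-character edge and the sample addresses are constructed assumptions.

```python
from typing import Dict, NamedTuple, Optional

class Verdict(NamedTuple):
    status: str           # "match", "lookalike" or "unknown"
    label: Optional[str]  # address-book entry matched or imitated
    diff_count: int       # characters that differ from that entry

def normalize(addr: str) -> str:
    """Trim whitespace; for 0x-hex addresses drop the prefix and the casing."""
    addr = addr.strip()
    return addr[2:].lower() if addr[:2].lower() == "0x" else addr

def check_destination(candidate: str, book: Dict[str, str], edge: int = 4) -> Verdict:
    """Compare the FULL address against every trusted entry.

    "lookalike" = same first and last `edge` characters as a trusted entry
    but a different string overall, the case an ends-only glance accepts.
    """
    cand = normalize(candidate)
    imitation = None
    for label, trusted in book.items():
        known = normalize(trusted)
        if cand == known:
            return Verdict("match", label, 0)
        if cand[:edge] == known[:edge] and cand[-edge:] == known[-edge:]:
            diff = sum(a != b for a, b in zip(cand, known)) + abs(len(cand) - len(known))
            imitation = Verdict("lookalike", label, diff)
    return imitation or Verdict("unknown", None, 0)

# Constructed sample values, not real wallets.
TRUSTED = "0x" + "a1b2" + "c3" * 16 + "9f3e"
LOOKALIKE = "0x" + "a1b2" + "00" * 16 + "9f3e"   # same ends, different middle
BOOK = {"exchange-deposit": TRUSTED}

if __name__ == "__main__":
    for addr in (TRUSTED, LOOKALIKE, "0x" + "ff" * 20):
        print(addr, check_destination(addr, BOOK))
```

A "lookalike" verdict should block signing until the sender confirms the full address through a separate channel.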
Crypto investors lost more than $2.2 billion to hacks, scams and breaches in the first half of 2025, largely through wallet compromises and phishing attacks, according to CertiK's latest security report.
Wallet breaches alone caused $1.7 billion in losses across only 34 incidents, while phishing scams accounted for more than $410 million across 132 attacks.
The post “Malware strain uses fake ads to hit crypto wallets on Windows, Mac, Linux” appeared first on Cryptonews.