In brief
- ModStealer spreads through fake recruiter ads using obfuscated code.
- It targets browser wallets and hides by disguising itself as a background helper.
- The malware poses a direct threat to crypto users and platforms, Decrypt was told.
A new malware strain that can slip past antivirus checks and steal data from crypto wallets on Windows, Linux, and macOS systems was discovered on Thursday.
Dubbed ModStealer, it had remained undetected by major antivirus engines for almost a month at the time of disclosure, with its package being delivered through fake job recruiter ads targeting developers.
The disclosure was made by security firm Mosyle, according to an initial report from 9to5Mac. Decrypt has reached out to Mosyle to learn…
Sep 12 2025
