New malware ModStealer Bypasses antivirus software to steal encrypted wallets

According to ChainCatcher, according to market news, security company Mosyle disclosed that the cross-platform malware ModStealer can bypass mainstream antivirus software detection by pretending to be a background assistant program, and specifically steal browser encrypted wallet data on Windows, Linux and macOS systems. The software is spread through disguised job ads and aims at developers who have installed Node.js environments. ModStealer automatically runs and collects wallet extensions, system credentials, and digital certificates, and then uploads the data to a remote C2 server. Security experts warn that the malware poses a direct threat to encrypted users and platforms, potentially leading to the leakage of private keys, mnemonics and API keys, triggering large-scale on-chain attacks. .