• bitcoinBitcoin (BTC) $ 70,590.00
  • ethereumEthereum (ETH) $ 2,074.59
  • tetherTether (USDT) $ 1.00
  • bnbBNB (BNB) $ 652.33
  • xrpXRP (XRP) $ 1.39
  • usd-coinUSDC (USDC) $ 0.999952
  • solanaSolana (SOL) $ 87.19
  • tronTRON (TRX) $ 0.293596
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.02
  • dogecoinDogecoin (DOGE) $ 0.094500
  • whitebitWhiteBIT Coin (WBT) $ 55.20
  • usdsUSDS (USDS) $ 0.999811
  • cardanoCardano (ADA) $ 0.261193
  • bitcoin-cashBitcoin Cash (BCH) $ 457.66
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • hyperliquidHyperliquid (HYPE) $ 37.02
  • leo-tokenLEO Token (LEO) $ 9.02
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • moneroMonero (XMR) $ 359.31
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • chainlinkChainlink (LINK) $ 8.98
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • ethena-usdeEthena USDe (USDE) $ 1.00
  • canton-networkCanton (CC) $ 0.154583
  • stellarStellar (XLM) $ 0.163397
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • usd1-wlfiUSD1 (USD1) $ 0.999282
  • daiDai (DAI) $ 0.999944
  • susdssUSDS (SUSDS) $ 1.08
  • rainRain (RAIN) $ 0.008886
  • litecoinLitecoin (LTC) $ 54.61
  • avalanche-2Avalanche (AVAX) $ 9.60
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • paypal-usdPayPal USD (PYUSD) $ 0.999833
  • hedera-hashgraphHedera (HBAR) $ 0.092941
  • suiSui (SUI) $ 0.985932
  • wethWETH (WETH) $ 2,268.37
  • shiba-inuShiba Inu (SHIB) $ 0.000006
  • zcashZcash (ZEC) $ 206.10
  • the-open-networkToncoin (TON) $ 1.30
  • usdt0USDT0 (USDT0) $ 0.998824
  • crypto-com-chainCronos (CRO) $ 0.076750
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.103581
  • tether-goldTether Gold (XAUT) $ 5,002.19
  • memecoreMemeCore (M) $ 1.53
  • pax-goldPAX Gold (PAXG) $ 5,036.88
  • uniswapUniswap (UNI) $ 3.93
  • polkadotPolkadot (DOT) $ 1.44
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • mantleMantle (MNT) $ 0.714557
  • hashnote-usycCircle USYC (USYC) $ 1.12
  • bittensorBittensor (TAO) $ 238.18
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • pi-networkPi Network (PI) $ 0.206494
  • okbOKB (OKB) $ 93.48
  • skySky (SKY) $ 0.077275
  • global-dollarGlobal Dollar (USDG) $ 1.00
  • falcon-financeFalcon USD (USDF) $ 0.997339
  • aster-2Aster (ASTER) $ 0.694813
  • nearNEAR Protocol (NEAR) $ 1.31
  • aaveAave (AAVE) $ 111.30
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • ripple-usdRipple USD (RLUSD) $ 0.999900
  • bitget-tokenBitget Token (BGB) $ 2.16
  • htx-daoHTX DAO (HTX) $ 0.000002
  • internet-computerInternet Computer (ICP) $ 2.63
  • pepePepe (PEPE) $ 0.000003
  • bfusdBFUSD (BFUSD) $ 0.999297
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.12
  • ethereum-classicEthereum Classic (ETC) $ 8.28
  • ondo-financeOndo (ONDO) $ 0.259253
  • pump-funPump.fun (PUMP) $ 0.001983
  • gatechain-tokenGate (GT) $ 7.05
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 11.02
  • kucoin-sharesKuCoin (KCS) $ 8.05
  • worldcoin-wldWorldcoin (WLD) $ 0.353018
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • morphoMorpho (MORPHO) $ 1.85
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.095772
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.20
  • quant-networkQuant (QNT) $ 65.61
  • cosmosCosmos Hub (ATOM) $ 1.87
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • official-trumpOfficial Trump (TRUMP) $ 3.94
  • ethenaEthena (ENA) $ 0.107360
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • render-tokenRender (RENDER) $ 1.76
  • nexoNEXO (NEXO) $ 0.897383
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • usdtbUSDtb (USDTB) $ 1.00
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • algorandAlgorand (ALGO) $ 0.092055
  • kaspaKaspa (KAS) $ 0.030317
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • midnight-3Midnight (NIGHT) $ 0.048903
  • usddUSDD (USDD) $ 1.00
  • wbnbWrapped BNB (WBNB) $ 759.61
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.10
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • hash-2Provenance Blockchain (HASH) $ 0.013370
  • flare-networksFlare (FLR) $ 0.008732
  • ousgOUSG (OUSG) $ 114.58
  • aptosAptos (APT) $ 0.911093
  • filecoinFilecoin (FIL) $ 0.867514
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • xdce-crowd-saleXDC Network (XDC) $ 0.032759
  • stable-2​​Stable (STABLE) $ 0.029519
  • vechainVeChain (VET) $ 0.007148
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • beldexBeldex (BDX) $ 0.080365
  • yldsYLDS (YLDS) $ 0.999996
  • arbitrumArbitrum (ARB) $ 0.100301
  • ghoGHO (GHO) $ 0.999978
  • usual-usdUsual USD (USD0) $ 0.994844
  • jupiter-exchange-solanaJupiter (JUP) $ 0.159667
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • bonkBonk (BONK) $ 0.000006
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • true-usdTrueUSD (TUSD) $ 0.999358
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • a7a5A7A5 (A7A5) $ 0.012465
  • justJUST (JST) $ 0.055370
  • fasttokenFasttoken (FTN) $ 1.09
  • clbtcclBTC (CLBTC) $ 76,920.00
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.705757
  • blockstackStacks (STX) $ 0.250904
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.40
  • decredDecred (DCR) $ 26.41
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.007156
  • euro-coinEURC (EURC) $ 1.14
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • sei-networkSei (SEI) $ 0.065994
  • siren-2Siren (SIREN) $ 0.603884
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • tbtctBTC (TBTC) $ 70,942.00
  • riverRiver (RIVER) $ 21.70
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.03
  • wrappedm-by-m0WrappedM by M0 (WM) $ 1.00
  • dashDash (DASH) $ 32.35
  • ether-fiEther.fi (ETHFI) $ 0.547457
  • layerzeroLayerZero (ZRO) $ 1.99
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.178561
  • tezosTezos (XTZ) $ 0.370841
  • kite-2Kite (KITE) $ 0.219824
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • chilizChiliz (CHZ) $ 0.037924
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • kinesis-goldKinesis Gold (KAU) $ 159.55
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.999765
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • pippinpippin (PIPPIN) $ 0.371152
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • usxUSX (USX) $ 0.999684
  • cocaCOCA (COCA) $ 1.30
  • adi-tokenADI (ADI) $ 3.53
  • gnosisGnosis (GNO) $ 128.52
  • curve-dao-tokenCurve DAO (CRV) $ 0.226254
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • apenftAINFT (NFT) $ 0.00000033
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • usdaiUSDai (USDAI) $ 1.00
  • bittorrentBitTorrent (BTT) $ 0.00000033
  • hastra-primePRIME (PRIME) $ 1.03
  • sun-tokenSun Token (SUN) $ 0.016384
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • kaiaKaia (KAIA) $ 0.053650
  • celestiaCelestia (TIA) $ 0.342333
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • injective-protocolInjective (INJ) $ 3.04
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • bitcoin-svBitcoin SV (BSV) $ 15.11
  • aerodrome-financeAerodrome Finance (AERO) $ 0.322177
  • syrupMaple Finance (SYRUP) $ 0.256016
  • doublezeroDoubleZero (2Z) $ 0.083590
  • conflux-tokenConflux (CFX) $ 0.055146
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • flokiFLOKI (FLOKI) $ 0.000030
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • jasmycoinJasmyCoin (JASMY) $ 0.005738
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • spx6900SPX6900 (SPX) $ 0.302389
  • story-2Story (IP) $ 0.798682
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • fraxLegacy Frax Dollar (FRAX) $ 0.992978
  • pyth-networkPyth Network (PYTH) $ 0.047420
  • iotaIOTA (IOTA) $ 0.063150
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • lighterLighter (LIT) $ 1.09
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • btse-tokenBTSE Token (BTSE) $ 1.67
  • olympusOlympus (OHM) $ 17.27
  • venice-tokenVenice Token (VVV) $ 6.04
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • official-foOfficial FO (FO) $ 0.266014
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,265.06
  • crvusdcrvUSD (CRVUSD) $ 1.00
  • optimismOptimism (OP) $ 0.122347
  • thetrumptokenTheTrumpToken (GREAT) $ 12.05
  • lido-daoLido DAO (LDO) $ 0.291384
Bitcoin

Researchers Uncover Undetectable Malware Draining Crypto Browser Wallets

By admin
0 123

Researchers Uncover Undetectable Malware Draining Crypto Browser Wallets

A new malware strain that can slip past antivirus checks and steal data from crypto wallets on Windows, Linux, and macOS systems was discovered on Thursday.

Dubbed ModStealer, it had remained undetected by major antivirus engines for almost a month at the time of disclosure, with its package being delivered through fake job recruiter ads targeting developers. 

The disclosure was made by security firm Mosyle, according to an initial report from 9to5Mac. Decrypt has reached out to Mosyle to learn more.



Distributing through fake job recruiter ads was an intentional tactic, according to Mosyle, because it was designed to reach developers who were likely already using or had Node.js environments installed.

ModStealer “evades detection by mainstream antivirus solutions and poses significant risks to the broader digital asset ecosystem,” Shān Zhang, chief information security officer at blockchain security firm Slowmist, told Decrypt. “Unlike traditional stealers, ModStealer stands out for its multi-platform support and stealthy ‘zero-detection’ execution chain.”

Once executed, the malware scans for browser-based crypto wallet extensions, system credentials, and digital certificates. 

It then “exfiltrates the data to remote C2 servers,” Zhang explained. A C2, or “Command and Control” server, is a centralized system used by cybercriminals to manage and control compromised devices in a network, acting as the operational hub for malware and cyberattacks.

On Apple hardware running macOS, the malware sets itself up through a “persistence method” to run automatically every time the computer starts by disguising itself as a background helper program. 

The setup keeps it running quietly without the user noticing. Signs of infection include a secret file called “.sysupdater.dat” and connections to a suspicious server, per the disclosure.

“Although common in isolation, these persistence methods combined with strong obfuscation make ModStealer resilient against signature-based security tools,” Zhang said.

The discovery of ModStealer comes on the heels of a related warning from Ledger CTO Charles Guillemet, who disclosed Tuesday that attackers had compromised an NPM developer account and attempted to spread malicious code that could silently replace crypto wallet addresses during transactions, putting funds at risk across multiple blockchains.

Although the attack was detected early and failed, Guillemet later noted that the compromised packages had been hooked to Ethereum, Solana, and other chains.

“If your funds sit in a software wallet or on an exchange, you’re one code execution away from losing everything.” Guillemet tweeted hours after his initial warning.

Asked about the new malware’s possible impact, Zhang warned that ModStealer poses a “direct threat to crypto users and platforms.”

For end-users, “private keys, seed phrases, and exchange API keys may be compromised, resulting in direct asset loss,” Zhang said, adding that for the crypto industry, “mass theft of browser extension wallet data could trigger large-scale on-chain exploits, eroding trust and amplifying supply chain risks.”

Source

admin 19011 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.