New Malware Exploits Fake Job Ads to Hit Crypto Wallets on Windows, Mac, Linux

A newly found cross-platform malware dubbed ModStealer is slipping previous antivirus methods and focusing on crypto wallets on Windows, macOS, and Linux, in accordance to researchers at Apple machine safety agency Mosyle.

ModStealer has remained undetected by main antivirus engines because it was first uploaded to VirusTotal almost a month in the past, 9to5Mac reported on Thursday.

The malware is being distributed by pretend job recruiter adverts aimed toward builders, a rising tactic amongst cybercriminals.

Victims Tricked into Running Malicious JavaScript File

Victims are tricked into operating a malicious JavaScript file written in NodeJS, which avoids detection by conventional signature-based defenses.

Unlike extra fundamental infostealers, ModStealer comes loaded with options designed for stealth and scale.

It targets 56 browser-based crypto pockets extensions, together with these on Safari, and is able to extracting personal keys, credentials, configuration information, and certificates.

Clipboard and display screen seize instruments are additionally embedded, alongside distant code execution, which may give attackers near-total management of an contaminated machine.

On macOS, the malware makes use of Apple’s launchctl software to acquire persistence by embedding itself as a LaunchAgent.

From there, it silently screens exercise and sends information to a distant server believed to be hosted in Finland however routed by German infrastructure.

 Fake paid adverts

Scam adverts are seemingly-real adverts on Twitter and Google that publicize pretend giveaways and airdrops. Their aim is to trick you into connecting your pockets and signing malicious transactions.

 NEVER use hyperlinks in paid adverts or search outcomes to entry airdrops! pic.twitter.com/MoFJbgp345

— Phantom (@phantom) January 29, 2024

Researchers imagine ModStealer is a part of a rising Malware-as-a-Service (MaaS) ecosystem, the place superior malware packages are bought to associates who deploy them while not having technical experience.

This mirrors a wider development within the cybercrime area: infostealers now dominate Mac malware, with Jamf reporting a 28% surge in such threats in 2025 alone.

The implications for crypto customers are particularly extreme, given the malware’s focus on pockets extensions and delicate blockchain credentials.

“This isn’t only a Mac difficulty anymore,” mentioned Mosyle in a press release. “The cross-platform nature of ModStealer, mixed with its stealth and MaaS distribution mannequin, represents an evolving risk to builders, merchants, and enterprises alike.”

With its focus on evading antivirus methods, the marketing campaign highlights the necessity for extra superior, behavior-based safety options.

Investor Loses $3M in Crypto Phishing Scam

As reported, a cryptocurrency investor has fallen victim to a phishing scam, shedding $3.05 million in Tether (USDT) after unknowingly signing a malicious blockchain transaction.

The loss, flagged by blockchain analytics platform Lookonchain on Wednesday, underscores the rising risk of phishing assaults focusing on digital asset holders.

The attacker exploited a typical behavior amongst crypto customers: validating solely the primary and previous few characters of a pockets tackle whereas ignoring the center.

Crypto traders lost over $2.2 billion to hacks, scams, and breaches within the first half of 2025, pushed largely by pockets compromises and phishing assaults, in accordance to CertiK’s newest safety report.

Wallet breaches alone brought about $1.7 billion in losses throughout simply 34 incidents, whereas phishing scams accounted for over $410 million throughout 132 assaults.

The put up New Malware Exploits Fake Job Ads to Hit Crypto Wallets on Windows, Mac, Linux appeared first on Cryptonews.