Researchers uncover new malware targeting crypto wallets

By: BitcoinEthereumNews
2025/09/12 17:44

Security firm Mosyle has discovered a malware strain capable of bypassing antivirus software detection and stealing information from browser-based crypto wallets. The malware spreads via fake recruiter ads online.

ModStealer went undetected by major antivirus software for almost a month before it was reported. It targeted developers already working with Node.js environments. ModStealer scans for browser-based crypto wallet extensions, system credentials, and digital certificates before sending the stolen information to a command and control (C2) server. The C2 server acts as a central hub for scammers to manage compromised devices.

ModStealer exploits Node.js to steal private keys

According to research by 9to5Mac, ModStealer malware disguised itself on macOS systems as a background helper program to achieve persistence, ensuring it ran automatically every time the computer restarted. The infected systems had a file labeled sysupdater.dat and unusual connections to suspicious servers. 

Shan Zhang, chief information security officer at SlowMist, a blockchain security company, revealed that ModStealer evades detection by mainstream antivirus software and poses a significant risk to the digital asset ecosystem. He added that the malware has multi-platform support and stealth execution, which differentiates it from traditional malware. 

Charles Guillemet, Ledger CTO, described a similar attack in which attackers compromised a Node Package Manager (npm) developer account in an attempt to spread malicious code that may silently replace wallet addresses during transactions. He cautioned that such incidents show how vulnerable blockchain-related code libraries can be.

Zhang warned that the ModStealer malware presents a direct threat to crypto users and platforms, adding that for individual users, the compromise of private keys, seed phrases, and exchange API keys may lead to immediate losses. He also noted that mass theft of browser extension wallet data could fuel large-scale on-chain exploits and weaken user trust while increasing risks across crypto supply chains. 

New cyber exploits target crypto wallet data

Guillemet discovered that the JavaScript ecosystem was compromised by a massive supply chain attack targeting libraries such as chalk, strip-ansi, color-convert, and error-ex. The affected packages have been downloaded more than one billion times a week, which presents a severe threat to the blockchain ecosystem. 

The malicious software worked as a crypto-clipper, meaning it could replace wallet addresses in network requests or modify transactions initiated via MetaMask and other wallets. The attack was discovered via a minor CI/CD pipeline build failure. The researchers later found that the malware used two strategies. The first strategy was passive address swapping, which monitored outgoing traffic requests and replaced wallet addresses with ones controlled by the hijacker. It used the Levenshtein distance algorithm to select lookalike addresses, making the change visually difficult to detect.

The second strategy was active transaction hijacking: once a crypto wallet is detected, the malware modifies pending transactions in memory before forwarding them for user approval. This tricked users into signing transfers directly to the attacker’s wallet.
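
Both strategies described above end with a recipient address at signing time that differs from the one the user intended, often by only a few characters. The following is an added example, not code from the article or from any of the researchers it cites: a defensive check that compares the two addresses and flags a lookalike swap. The function names, the sample addresses and the distance threshold are assumptions made for illustration.

```javascript
// Added example (not from the article): classify a recipient mismatch at signing time.
// All addresses are constructed sample values, not real wallets or indicators.
const SAMPLE_INTENDED = "0x" + "a1b2c3d4e5".repeat(4);
const SAMPLE_LOOKALIKE = "0xa1b2c3d4e5f1b2c3d4f5a1b2c3d4f5a1b2c3d4e5";
const SAMPLE_UNRELATED = "0x" + "9f8f7f6f7f".repeat(4);

// Levenshtein distance, two-row dynamic programming.
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const curr = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      curr[j] = Math.min(prev[j] + 1, curr[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = curr;
  }
  return prev[b.length];
}

// intended: address from a trusted source (address book, invoice checked out of band).
// actual:   address in the transaction that is about to be signed.
// Only an exact match is safe to sign; the other verdicts are for alerting and triage.
function checkRecipient(intended, actual, edge = 4) {
  const a = intended.trim().toLowerCase(); // hex casing carries only a checksum
  const b = actual.trim().toLowerCase();
  if (a === b) return { verdict: "match", distance: 0, sameEdges: true };
  const distance = levenshtein(a, b);
  // People tend to compare only the first and last few characters.
  const sameEdges =
    a.slice(0, 2 + edge) === b.slice(0, 2 + edge) && a.slice(-edge) === b.slice(-edge);
  // Assumed heuristic: unrelated addresses differ almost everywhere, so a
  // distance under half the length suggests a deliberately chosen lookalike.
  const lookalike = sameEdges || distance < a.length / 2;
  return { verdict: lookalike ? "lookalike-swap" : "mismatch", distance, sameEdges };
}

console.log(checkRecipient(SAMPLE_INTENDED, SAMPLE_LOOKALIKE));
console.log(checkRecipient(SAMPLE_INTENDED, SAMPLE_UNRELATED));
```

The lookalike sample matches the intended address on its first and last characters, which is why the comparison has to cover the full string rather than the ends a person usually checks.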

Similar incidents have been reported on Cryptopolitan recently, where ReversingLabs’ research revealed another piece of malware concealed in Ethereum smart contracts. The attack was delivered via npm packages, including colortoolv2 and mimelib2, which acted as second-stage agents, fetching the malicious software stored on the Ethereum blockchain.

ReversingLabs revealed that the malicious software bypassed security scans by hiding the malicious URLs within the Ethereum smart contracts. It was later downloaded through fake GitHub repositories, which posed as cryptocurrency trading bots. The operation was linked to Stargazers Ghost Network, a system of coordinated attacks that boost the legitimacy of malicious repositories.

Source: https://www.cryptopolitan.com/malware-targeting-crypto-wallets/
