Bitcoin Forum

"ModStealer is a cross-platform virus designed to steal wallet keys and sensitive data. Antivirus detection is minimal, making it a serious risk for anyone holding digital assets."


Whenever I see such, my mind is in trouble on my bitcoin investment. Because most of us have no extra security measures to protect our assets except the security from the wallet developers.

You can read more on it.

Here (https://finance.yahoo.com/news/modstealer-malware-targets-crypto-wallets-151053500.html)

New ModStealer Malware Poses Threat to Crypto Wallets on macOS, Windows and Linux (https://www.coindesk.com/markets/2025/09/12/this-invisible-modstealer-is-targeting-your-browser-crypto-wallets)

Well, it is completely okay to feel concerned about what  the implication of malware like Modstealer Will do especially in the term of bitcoin investments. With the rising cases of cyber threat attacking digital assets like bitcoin, it is important for all bitcoin holders to prioritize the security and take great measures to protect their investment.

The ability of the malware to pass antivirus detection create a misleading sense of security that can make investors vulnerable. This shows how hackers are developing complicated method to compromise wallets and steal sensitive data.

Awareness like in this case and sharing of experiences help investors safeguard their digital assets like bitcoin if they are updated with news about new methods developed by hacker to compromise wallets.

---

Your investment need the best protection, take action now and stay updated.

The major target is windows, and other Operating Systems, and the best option now to protect our assets is hardware wallets but it is not easy to get hardware wallets in the third world countries mostly my country. And my location nobody sell such device. So we are still solemnly depends on the software wallets of either android app or the desktop software. And we depends on the developers security of the wallets.

You can get a hardware wallet even tho there are No people selling them in your location maybe you can order from the manufacturer and ship it to your location because depending on software wallet is the most risking approach for someone who wants the security of his investment.

Stealing data is acceptable since you have to run your email account on windows 11 to have full access to your PC this days, this is fair enough but anyone that keeps their recovery seed and private keys on a computer are nothing but stupid people. PC is the home of viruses and you can't be careful enough.

You have to keep your crypto related things out away from your PC, that's why we have separate crypto wallets like Tangem, Ledger and others, I've never liked the idea of running a crypto wallet on my PC, I know it's not safe to do so, it is also very hard to be 100% careful all the time, how can you keep up with this when most times you will be browsing the internet. Get a separate crypto wallet and this problem is done with.

OP you have a wrong link in the text. Your link redirects me to this (https://finance.yahoo.com/news/primoriss-data-center-strategy-power-133500685.html) while the real link should be this (https://finance.yahoo.com/news/modstealer-malware-targets-crypto-wallets-151053500.html).
Btw there is a reason why we have two terms for wallets. We call one wallet a hot wallet and the other a cold wallet. We should never hold more than we can afford to lose in a hot wallet, we should hold our savings in cold wallet, either on a secure computer or on a hardware wallet. I prefer a hardware wallet because it's not expensive, it's very secure and you mostly buy it once and keep it for years.

And this is what the article says as well:


https://cointelegraph.com/news/modstealer-malware-crypto-wallets-fake-job-ads

And if we can buy a hardware wallet or make profits in crypto, then we might as well have a separate machine as well for our daily needs and another one for our crypto thing. It's better to safe that sorry. And this criminals have evolved and using anything that they weaponized, like here, it's a job ads. Sooner or later and with the promise of huge salary, someone will have to let their guards down and didn't think that a simply job application will turn out to be their worst experience as if the machine they installed have their crypto, then the hackers are going to steal with this sophisticated attack.

This shouldn’t be what would put you into frightening because whenever you used the right wallet you would never have fear to lose any of digital assets except you used the wrong wallet on you leave your personal information online where they could easily have access to your data before you could get hacked or phished. The most important thing should be that all your asset is in a noncustodial wallet where only you have access to the wallet than leaving your personal information online where others could likely penetrate it.
After transactions always make sure your system remains of online and has no access to any connectivity or even your hardware wallet should placed where you have access to it.

In fact a cold wallet should be in an air gapped device. That way, it eliminated the possibilities of hackers or attackers from gaining access to the funds/Bitcoins.
I think we need more education about air gapped devices or cold wallets to newbies and even old users.

If you're holding for long term, I'd recommend gapped device. Whatever exploit there is if it can't connect to internet those hackers can do nothing and once you connected that wallet to the internet, you can easily create a new one to ensure maximum security.

From what I see, hackers are trying to attack supply chain on NPM package manager and smart contract capable blockchain are the one that's vulnerable. With bitcoin you just need to worry about making your privkey or seed phrase secure.

With those smart contract blockchains, you literally need to see your address spending approval, etc. I think it's still manageable for bitcoin holders.

Something very important to pay attention to. And yet so many people get into crypto and still dont so one thing to prepare themselves and leave themselves vulnerable for hacking into

Just use hardware wallet, but this is also the reason why I've never installed any random apps beside the one in app store, I just can't risk my data being stolen and it's a good security measure.
I'm grateful that iOS can't side load apps (except in EU) and maybe this is also the reason why android is starting to become closed to side loading.

Can never be too paranoid these days when there are malwares everywhere. Even clicking a zoom link provided by those scammer can get your PC infected.

ModStealer specifically targets browser extension wallets like Metamask and the millions of shitcoins that rely heavily on them.

The whole shitcoin ecosystem runs on DEXes, Metamask and other browser wallets, etc. In other words, a hacker and malware paradise.

Just stay far away from the shitcoin/altcoin world and you won't have to worry about it.

And they are very easy to conceal which is an added advantage over a tablet, laptop
or desktop alternatives.

If you have the mindset and conviction to be able to store the private keys safely
you have a good secure Bitcoin storage system.

---

Malware like in this thread just proves that the scammers havent stopped,
they are constantly evolving in line with security updates. This is a reminder to
check and update our systems and security.

While I have nothing against OP in particular, these kinds of threads are getting pointless. It seems that for every news article regarding malware someone is rushing to the forum to open yet another topic about malware. There is so much malware out there that there is no good point in opening a topic for each one. Instead threads should focus on security advice and knowledge. Just because you are aware of this particular malware that won't protect you from getting infected by it or by other malware if you are using the internet wrong, which most people are.

You can use Metamask with a hardware wallet like Ledger though, so really I blame primarily the users. Obviously you won't get the fast and snappy experience with this method as you would with the extension wallets. However, security usually has a direct trade off with usability. Still if you really think about how bad the shitcoin world is, you can easily get drained on ETH and many chains even if you use a Ledger with Metamask. All it takes is one bad approval and all your ETH based coins and tokens are gone.  ::)

Yes, I have heard about this dangerous virus targeting crypto wallets. Fortunately, it was discovered early, but who knows how much malware is operating secretly and has yet to be detected?

What's striking about this virus is its ability to interact with multiple systems: macOS, Windows, and Linux. Previously, most viruses targeted Windows systems because their protection was weaker. Today, however, we see viruses evolving to interact with all systems. This is a very dangerous indicator.

Some Linux, never all Linux.  This is a key difference between Linux and the other operating systems. The others are more uniform and putting aside other security considerations this makes them easier to infect by design. Usually malware runs into issues on Linux because the systems tend to be different. The paths are different and the installed libraries are different. Actually it can be fun try to deploy some known malware on a test installation of Linux and investigate all the ways in which it fails to infect the system. Anyhow for this particular case they just mention that it can infect Linux but I could not find information about the detailed flow.

That's as much as I could find. If someone can find a better investigative source please share it.

I also searched a bit and didn't find any more technical details.
But from what I understood from the article, it all relies primarily on social engineering. Through social engineering, attackers trick victims into installing malicious packages. They then install them manually and grant them all the necessary permissions to run on their systems as if they were legitimate software.

So, the issue is primarily about deceiving users. As long as the virus has been granted the necessary permissions by the user, it should be easy for it to operate secretly in the background.

To avoid all these attacks, we should use hardware wallets. Because hardware wallets are often outside the internet, due to which it will not be easy to attack hardware wallets. Hardware wallets have advantages as well as disadvantages. For example, they get damaged after being stored for a long time, and there is a possibility of getting damaged in water or fire.

Instead of worrying too much about malware, we need to focus on what we can do to stay safe. Just as malware is created, we have to take steps to protect ourselves from it. We need to do a little research and find out all these aspects and keep our holdings safe.

Imo, these fake job ads surely would look shady from the start for the people long enough browsing the web..

In that case it is a very unsophisticated case of malware that is not that interesting. Social engineering is the lowest level of any hacking. It catches the most people because of the fact that most people are very uneducated about technology.

Hardware wallets are not unhackable. As I have written somewhere else you just need 1 bad connect on ETH to get a complete drain of any ETH assets and their derivatives. It may help against the kind of malware that is shown in this thread but it is not a holy grail.

Yet so many still fall prey to it.. Crazy to think about it.

Staying vigilant about such ads / emails is the best way to avoid such a fate.

There is a modern trend where the ability to use something at all is confused with knowledge or expertise regarding the said thing. Often the currently young generation is perceived as being digitally apt, but they most certainly are not. Being able to use social media applications, browsers and change settings is not an aptitude of anything. You can teach these things to caged monkeys with enough time. If you think about it pretty much most people on the internet did not receive any education regarding security concerns. Where would they get it?

Looking at the currently youngest generation there is a common pattern. In most cases the first introduction to phones is stuff like Youtube and Tiktok where parents let them watch endlessly mind destroying content. Education? Zero. The secondary introduction is through games whether it be mobile, console or desktop does not matter. Education? Zero. So they end up growing up being able to use basic things but never really understanding any of it.

With Bitcoin this issue is on steroids. Be your own bank and not transaction reversibility means that the stakes are absurdly stacked against you. If people steal your login credentials you can probably get them back. If they ransomware your system, you can restore it if you have a backup (anyone with basic knowledge has regular backups). However, if they steal your Bitcoin there is no direct way to get them back. The risk of using technology in the way that most people have been doing their whole lives has never been higher.

I was rereading the comments and I saw your then I have made the correction. Concerning the hardware wallets. I don't think it is possible to get it in our location (Nigeria) unless we ordered it from abroad. And that will cost the person not less than $200 to $300 or even more from the shipping fee and other delivery fees.

When I read about all these crypto malwares that being developed to steal our cryptos it makes me to begin to wonder if, the security measures that we have all learned about on how to keep our crypto safe remains the same or needs to be updated to match the modus operandi of these malwares. Anyone has an answer to this?

Misleading!

It's browser-based malware, so it targets browsers like Google Chrome, Firefox etc, it does not cross-platform, and it does not attempt to scan the OS for desktop wallets. Besides, something like SELinux or AppArmor would squash such malware before it even hits, so if you have such a configuration then you don't need to worry.

I was wondering how they were able to create a cross-platform malware that doesn't break with runtime errors, especially on Linux which has too many distributions. But I guess the answer is clear now. Never store your coins in a browser-based wallet.


This is great for security researchers because this means they can have an easier time locking down devices against these kinds of malware strains. And the affiliates being dimwits who don't even know how to use gcc will not know how to evade such countermeasures.

You touched a sensitive topic. I know so many people who use browser extensions and crypto is very popular among them. I think that companies do very dirty marketing and the user who doesn't know much about how the technology works, they download any kind of extension. Crypto wallet extension is not the sole problem here, the biggest problem also is that people have multiple extensions in their browser and extensions aren't safe. Even if we assume that you have a crypto wallet extension installed in your browser, every time you add another extension, you amplify cybersecurity risks.

Anybody that takes the security of their asset very importantly will not easily fall victim for these viruses, there are many security tips of protecting your assets. Some which includes, backing up your seed phrases offline, don't allow your wallet to be on the device that you are regularly using to brows and go online every day, if you can afford it, use a hardware wallet, create your address on an air gap device. If you follow all the security tips properly, you won't easily be affected by this virus.

Of course I am aware of Web3, and the fact that there are many websites that ask to connect to your wallets.

But you probably also know that mobile wallets also exist containing browsers with which you can interact with web3 sites. These are much more secure to use than a simple browser extension because the browser extension only requires a password, and that could be key-logged, while the mobile wallets can be configured to use your phone's authentication settings such as PIN, fingerprint, and facial scan.

Beyond moving money between dapps, there is no good reason to store crypto in a browser extension and forget about it.

I installed so many extensions in my browser to help my language learning journey, there's definitely a way to avoid simple traps like installing a fake extension if people pay some attention to it. That being said, another bigger issue is if the developer somehow got hacked and they published a malicious update. I'm sure I've read some cases like that in the last few months or so, like this one[1]. There's little you can do as a user to anticipate that. As mentioned above, the best way to avoid this is just not to use a browser-based wallet to store your wealth.

[1] https://www.esentire.com/security-advisories/update-malicious-chrome-extension-campaign

Never heard the exact name but I'm aware of different types of malwares already on crypto in my long time of stay here. For sure there are still new ones out there. They won't stop as long as something is still profitable, as this is like their known livelihood already.

We can only be careful and hope they can get discovered from time to time, to prevent early or prevent more damage to the community.

You are right to be worried about viruses like ModStealer. These viruses are very dangerous because they can hide from antivirus programs and they try to steal your private information like your wallet private keys. It is not enough to just trust security of your wallet. You also need to protect your computer or phone from these attacks. Best way to keep your Bitcoin safe is to use hardware wallet. This means that even if your computer gets virus hackers still can not get to your money because keys are stored safely on separate device. Your personal actions are most important part of keeping your crypto secure.