Bitcoin Forum
Author Topic: ModStealer: Malware Targeting Crypto Wallets,  (Read 390 times)
Satofan44
September 23, 2025, 03:17:58 PM
 #21

~
That's as much as I could find. If someone can find a better investigative source please share it.
I also searched a bit and didn't find any more technical details.
But from what I understood from the article, it all relies primarily on social engineering. Through social engineering, attackers trick victims into installing malicious packages. They then install them manually and grant them all the necessary permissions to run on their systems as if they were legitimate software.

So, the issue is primarily about deceiving users. As long as the virus has been granted the necessary permissions by the user, it should be easy for it to operate secretly in the background.
In that case it is a very unsophisticated case of malware that is not that interesting. Social engineering is the lowest level of any hacking. It catches the most people because of the fact that most people are very uneducated about technology.

To avoid all these attacks, we should use hardware wallets. Hardware wallets are often outside the internet, due to which it will not be easy to attack them. Hardware wallets have advantages as well as disadvantages. For example, they get damaged after being stored for a long time, and there is a possibility of getting damaged in water or fire.

Instead of worrying too much about malware, we need to focus on what we can do to stay safe. Just as malware is created, we have to take steps to protect ourselves from it. We need to do a little research and find out all these aspects and keep our holdings safe.
Hardware wallets are not unhackable. As I have written somewhere else you just need 1 bad connect on ETH to get a complete drain of any ETH assets and their derivatives. It may help against the kind of malware that is shown in this thread but it is not a holy grail.

fikrett
September 23, 2025, 03:22:23 PM
 #22

~
That's as much as I could find. If someone can find a better investigative source please share it.
I also searched a bit and didn't find any more technical details.
But from what I understood from the article, it all relies primarily on social engineering. Through social engineering, attackers trick victims into installing malicious packages. They then install them manually and grant them all the necessary permissions to run on their systems as if they were legitimate software.

So, the issue is primarily about deceiving users. As long as the virus has been granted the necessary permissions by the user, it should be easy for it to operate secretly in the background.
In that case it is a very unsophisticated case of malware that is not that interesting. Social engineering is the lowest level of any hacking. It catches the most people because of the fact that most people are very uneducated about technology.

Yet so many still fall prey to it.. Crazy to think about it.

Staying vigilant about such ads / emails is the best way to avoid such a fate.

Satofan44
September 23, 2025, 03:33:11 PM
 #23

Yet so many still fall prey to it.. Crazy to think about it.

Staying vigilant about such ads / emails is the best way to avoid such a fate.
There is a modern trend where the ability to use something at all is confused with knowledge or expertise regarding the said thing. Often the currently young generation is perceived as being digitally apt, but they most certainly are not. Being able to use social media applications, browsers and change settings is not an aptitude of anything. You can teach these things to caged monkeys with enough time. If you think about it pretty much most people on the internet did not receive any education regarding security concerns. Where would they get it?

Looking at the currently youngest generation there is a common pattern. In most cases the first introduction to phones is stuff like YouTube and TikTok where parents let them watch endlessly mind-destroying content. Education? Zero. The secondary introduction is through games, whether it be mobile, console or desktop does not matter. Education? Zero. So they end up growing up being able to use basic things but never really understanding any of it.

With Bitcoin this issue is on steroids. Be your own bank and no transaction reversibility mean that the stakes are absurdly stacked against you. If people steal your login credentials you can probably get them back. If they ransomware your system, you can restore it if you have a backup (anyone with basic knowledge has regular backups). However, if they steal your Bitcoin there is no direct way to get them back. The risk of using technology in the way that most people have been doing their whole lives has never been higher.

Youngrebel (OP)
September 26, 2025, 02:03:21 PM
 #24

OP you have a wrong link in the text. Your link redirects me to this while the real link should be this.
Btw there is a reason why we have two terms for wallets. We call one wallet a hot wallet and the other a cold wallet. We should never hold more than we can afford to lose in a hot wallet; we should hold our savings in a cold wallet, either on a secure computer or on a hardware wallet. I prefer a hardware wallet because it's not expensive, it's very secure and you mostly buy it once and keep it for years.
I was rereading the comments and I saw yours, then I made the correction. Concerning the hardware wallets, I don't think it is possible to get one in our location (Nigeria) unless we order it from abroad. And that will cost the person not less than $200 to $300 or even more from the shipping fee and other delivery fees.

Davidvictorson
September 26, 2025, 02:17:46 PM
 #25

"ModStealer is a cross-platform virus designed to steal wallet keys and sensitive data. Antivirus detection is minimal, making it a serious risk for anyone holding digital assets."


Whenever I see such, my mind is in trouble on my bitcoin investment. Because most of us have no extra security measures to protect our assets except the security from the wallet developers.

You can read more on it.

Here

New ModStealer Malware Poses Threat to Crypto Wallets on macOS, Windows and Linux
When I read about all this crypto malware that is being developed to steal our crypto, it makes me begin to wonder if the security measures that we have all learned about on how to keep our crypto safe remain the same or need to be updated to match the modus operandi of this malware. Does anyone have an answer to this?

NotATether
September 26, 2025, 03:27:18 PM
Merited by Satofan44 (1)
 #26

Misleading!

It's browser-based malware, so it targets browsers like Google Chrome, Firefox etc. It is not cross-platform, and it does not attempt to scan the OS for desktop wallets. Besides, something like SELinux or AppArmor would squash such malware before it even hits, so if you have such a configuration then you don't need to worry.

I was wondering how they were able to create a cross-platform malware that doesn't break with runtime errors, especially on Linux which has too many distributions. But I guess the answer is clear now. Never store your coins in a browser-based wallet.

Quote
Mosyle states that the build aligns with the profile of “Malware-as-a-Service,” where developers sell ready-made tools to affiliates with limited technical expertise. The model has driven a surge in infostealers this year, with Jamf reporting a 28% rise in 2025 alone.

This is great for security researchers because this means they can have an easier time locking down devices against these kinds of malware strains. And the affiliates being dimwits who don't even know how to use gcc will not know how to evade such countermeasures.

shield132
September 27, 2025, 07:09:26 AM
 #27

I was wondering how they were able to create a cross-platform malware that doesn't break with runtime errors, especially on Linux which has too many distributions. But I guess the answer is clear now. Never store your coins in a browser-based wallet.
You touched a sensitive topic. I know so many people who use browser extensions and crypto is very popular among them. I think that companies do very dirty marketing and the user who doesn't know much about how the technology works, they download any kind of extension. Crypto wallet extension is not the sole problem here, the biggest problem also is that people have multiple extensions in their browser and extensions aren't safe. Even if we assume that you have a crypto wallet extension installed in your browser, every time you add another extension, you amplify cybersecurity risks.

Dr.Bitcoin_Strange
September 27, 2025, 10:40:10 AM
 #28

Anybody that takes the security of their assets very importantly will not easily fall victim to these viruses; there are many security tips for protecting your assets. Some of which include: backing up your seed phrases offline, don't allow your wallet to be on the device that you are regularly using to browse and go online every day, if you can afford it, use a hardware wallet, create your address on an air-gapped device. If you follow all the security tips properly, you won't easily be affected by this virus.

NotATether
September 27, 2025, 11:03:38 AM
 #29

You touched a sensitive topic. I know so many people who use browser extensions and crypto is very popular among them. I think that companies do very dirty marketing and the user who doesn't know much about how the technology works, they download any kind of extension. Crypto wallet extension is not the sole problem here, the biggest problem also is that people have multiple extensions in their browser and extensions aren't safe. Even if we assume that you have a crypto wallet extension installed in your browser, every time you add another extension, you amplify cybersecurity risks.

Of course I am aware of Web3, and the fact that there are many websites that ask to connect to your wallets.

But you probably also know that mobile wallets also exist containing browsers with which you can interact with web3 sites. These are much more secure to use than a simple browser extension because the browser extension only requires a password, and that could be key-logged, while the mobile wallets can be configured to use your phone's authentication settings such as PIN, fingerprint, and facial scan.

Beyond moving money between dapps, there is no good reason to store crypto in a browser extension and forget about it.

joniboini
September 27, 2025, 11:23:46 AM
 #30

Crypto wallet extension is not the sole problem here, the biggest problem also is that people have multiple extensions in their browser and extensions aren't safe. Even if we assume that you have a crypto wallet extension installed in your browser, every time you add another extension, you amplify cybersecurity risks.
I installed so many extensions in my browser to help my language learning journey, there's definitely a way to avoid simple traps like installing a fake extension if people pay some attention to it. That being said, another bigger issue is if the developer somehow got hacked and they published a malicious update. I'm sure I've read some cases like that in the last few months or so, like this one[1]. There's little you can do as a user to anticipate that. As mentioned above, the best way to avoid this is just not to use a browser-based wallet to store your wealth.

[1] https://www.esentire.com/security-advisories/update-malicious-chrome-extension-campaign

MinMan
September 28, 2025, 09:11:36 AM
 #31

Yes, I have heard about this dangerous virus targeting crypto wallets. Fortunately, it was discovered early, but who knows how much malware is operating secretly and has yet to be detected?

What's striking about this virus is its ability to interact with multiple systems: macOS, Windows, and Linux. Previously, most viruses targeted Windows systems because their protection was weaker. Today, however, we see viruses evolving to interact with all systems. This is a very dangerous indicator.
Never heard the exact name but I'm aware of different types of malware already on crypto in my long time of stay here. For sure there are still new ones out there. They won't stop as long as something is still profitable, as this is like their known livelihood already.

We can only be careful and hope they can get discovered from time to time, to prevent early or prevent more damage to the community.
Rustam Meraj
September 28, 2025, 09:48:27 AM
 #32

You are right to be worried about viruses like ModStealer. These viruses are very dangerous because they can hide from antivirus programs and they try to steal your private information like your wallet private keys. It is not enough to just trust the security of your wallet. You also need to protect your computer or phone from these attacks. The best way to keep your Bitcoin safe is to use a hardware wallet. This means that even if your computer gets a virus, hackers still cannot get to your money because the keys are stored safely on a separate device. Your personal actions are the most important part of keeping your crypto secure.
