A newly discovered malware threat, dubbed ModStealer, is actively targeting macOS, Windows, and Linux systems. The information comes from a report published by 9to5Mac on September 11.

Security researchers at Mosyle have identified the presence of this malware on VirusTotal. Notably, it managed to bypass antivirus software detection for nearly a month.

The malicious software is written in JavaScript, runs on NodeJS, and employs code obfuscation to hinder detection.


After successful installation, ModStealer operates silently in the background, harvesting sensitive data. This includes cryptocurrency wallet keys, digital certificates, account-related files, and browser extensions associated with cryptocurrency wallets.

The Mosyle research team discovered code specifically designed to target over 50 different wallet extensions, including those used by Safari and Chromium-based browsers.

Furthermore, the malware monitors and records clipboard activity, captures screenshots, and has the capability to execute commands received from a remote command-and-control server. These capabilities grant attackers significant access to private user information and remote control over compromised systems.

On macOS systems, ModStealer takes advantage of Apple’s launchctl utility, registering itself as a LaunchAgent. This ensures that the malware remains active even after the infected system is restarted. The stolen data is transmitted to a server that appears to be located in Finland but utilizes infrastructure in Germany.
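A defender-side check for this kind of persistence, added here as an example that is not part of the original article or of Mosyle's report: it parses a LaunchAgent plist and flags the traits described above (a NodeJS interpreter as the program, a script tucked into a hidden user cache directory, and RunAtLoad plus KeepAlive). The indicator rules, paths and sample plists are assumptions constructed for this example, not ModStealer artefacts.

```python
import plistlib
import re
from typing import Any

# Assumed heuristics for this example (not indicators from the Mosyle report):
# scripting interpreters used as the LaunchAgent program, and script paths in
# hidden or cache directories rather than under installed application trees.
INTERPRETERS = re.compile(r"(^|/)(node|nodejs|osascript|bash|sh|python3?)$")
EXPECTED_PREFIXES = ("/Applications/", "/System/", "/usr/", "/Library/Apple/")
ODD_LOCATIONS = ("/tmp/", "/private/tmp/", "/var/folders/", "/Library/Caches/")


def launchagent_findings(plist_bytes: bytes) -> list[str]:
    """Return reasons a LaunchAgent plist resembles stealer persistence.

    An empty list means nothing matched the heuristics."""
    agent: dict[str, Any] = plistlib.loads(plist_bytes)
    reasons: list[str] = []
    args = list(agent.get("ProgramArguments") or [])
    program = agent.get("Program") or (args[0] if args else "")
    if INTERPRETERS.search(program):
        reasons.append(f"interpreter as Program: {program}")
    # Any absolute path handed to the interpreter: flag hidden and cache dirs.
    for arg in args[1:]:
        if arg.startswith("/") and not arg.startswith(EXPECTED_PREFIXES):
            if "/." in arg or any(loc in arg for loc in ODD_LOCATIONS):
                reasons.append(f"script in unusual location: {arg}")
    if agent.get("RunAtLoad") and agent.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive (survives reboot, restarts if killed)")
    return reasons


# Constructed sample plists for offline testing (hypothetical, not real samples).
SAMPLE_SUSPICIOUS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/usr/local/bin/node</string>
    <string>/Users/alice/Library/Caches/.sysd/main.js</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

SAMPLE_BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Example.app/Contents/MacOS/helper</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for name, blob in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, launchagent_findings(blob) or "no findings")
```

On a real host the same function can be applied to every plist under ~/Library/LaunchAgents and /Library/LaunchAgents; hits are a starting point for triage, not proof of infection.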

According to Mosyle, there is evidence suggesting that ModStealer might be offered as part of a Malware-as-a-Service (MaaS) operation. In such models, the malware developers create the malicious code and then lease it to affiliates, enabling them to launch attacks without possessing extensive technical expertise.

Mosyle emphasized that relying solely on signature-based antivirus solutions is insufficient for defending against advanced threats such as ModStealer. They recommend continuous security monitoring, the implementation of behavior-based security systems, and heightened awareness concerning emerging attack methodologies.

Lucija Valentić from ReversingLabs recently revealed that cybercriminals have devised a novel technique for spreading malware by leveraging Ethereum smart contracts. Want to know how? Read the complete report.
