    Undetectable Malware Targeting Crypto Wallet Data Of Job Seekers: Report

    An infostealer particularly focused on stealing cryptocurrency wallet data from macOS, Windows and Linux users has been discovered by Apple (NASDAQ:AAPL) device management and security firm Mosyle.

    Mosyle told 9to5Mac that it had discovered an infostealer dubbed ModStealer, which had remained undetected by antivirus tools for about a month.

    Mosyle said the malware used an obfuscated JavaScript file preloaded with code targeting 56 different browser wallet extensions, including Safari, to steal wallet private keys and other sensitive account data.

    The malware can extract clipboard and screen data, and execute remote code, Mosyle told 9to5Mac. Mosyle said that attackers could almost completely control the victim’s device with the remote code execution capability.

    The malware is able to remain undetected for long periods on macOS devices by abusing Apple’s launchctl tool to run as a LaunchAgent, Mosyle said.
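
The LaunchAgent persistence described above is something a defender can audit for directly. The following is an added example, not code from Mosyle or the original article; the runtime names, path heuristics and sample plists are assumptions constructed for illustration and are not ModStealer indicators.

```python
import plistlib
from pathlib import Path

# Heuristics below are assumptions chosen for illustration, not ModStealer indicators.
SCRIPT_RUNTIMES = {"node", "bun", "deno", "osascript"}
JS_SUFFIXES = (".js", ".mjs", ".cjs")
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def launch_agent_findings(plist_bytes):
    """Return the reasons (possibly none) a LaunchAgent plist deserves manual review."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unparseable plist"]
    args = [str(a) for a in (job.get("ProgramArguments") or [])]
    if job.get("Program"):
        args.insert(0, str(job["Program"]))
    if not args:
        return ["no Program or ProgramArguments"]
    findings = []
    if Path(args[0]).name in SCRIPT_RUNTIMES:
        findings.append("launches a script runtime")
    if any(a.lower().endswith(JS_SUFFIXES) for a in args):
        findings.append("executes a JavaScript file")
    for a in args:
        # Any dot-prefixed component of an absolute path counts as hidden.
        hidden = a.startswith("/") and any(p.startswith(".") for p in Path(a).parts[1:])
        if hidden or a.startswith(TEMP_DIRS):
            findings.append("references a hidden or temporary path: " + a)
    if findings and job.get("RunAtLoad") and job.get("KeepAlive"):
        findings.append("RunAtLoad plus KeepAlive restarts it persistently")
    return findings

# Constructed sample inputs (not taken from any real incident).
SAMPLE_SUSPECT = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/usr/local/bin/node", "/Users/dev/.cache/upd/run.js"],
    "RunAtLoad": True, "KeepAlive": True})
SAMPLE_BENIGN = plistlib.dumps({
    "Label": "com.example.sync",
    "ProgramArguments": ["/Applications/Sync.app/Contents/MacOS/sync", "--daemon"],
    "RunAtLoad": True})

if __name__ == "__main__":
    # On a Mac, review the per-user and system-wide LaunchAgents folders.
    for folder in (Path.home() / "Library/LaunchAgents", Path("/Library/LaunchAgents")):
        for plist in sorted(folder.glob("*.plist")) if folder.is_dir() else []:
            for reason in launch_agent_findings(plist.read_bytes()):
                print(f"{plist}: {reason}")
```

A finding is a prompt for manual review, not a verdict: legitimate developer tooling can also register script-based LaunchAgents.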

    But perhaps what makes the ModStealer attack particularly sinister is that it targets job seekers. According to Mosyle, attackers are distributing the malware through job recruiter ads targeting developers.

    Mosyle said that the data stolen by the attackers appeared to be sent to a remote server in Finland, but added that the server infrastructure is tied to Germany. This discrepancy is likely the result of the attackers trying to obscure their location, the firm said.

    Mosyle said ModStealer was likely a malware-as-a-service product. These are malware tools that attackers create and sell to less tech-savvy affiliates.

    “For security professionals, developers, and end users alike, this serves as a stark reminder that signature-based protections alone are not enough,” Mosyle told 9to5Mac. “Continuous monitoring, behavior-based defenses, and awareness of emerging threats are essential to stay ahead of adversaries.”

    The ModStealer warning comes as the cryptocurrency industry reels from a large supply chain attack that caused at least one expert to warn users against conducting on-chain transactions. Attackers had compromised several widely used JavaScript packages with malware that allowed them to hijack transactions.

    Thankfully, the industry was able to minimize the damage in part due to early warnings and quick action from developers. Presently, only a little over $1,000 has been lost to the exploit, which could have easily cost billions of dollars.

    Before this, software supply chain security outfit ReversingLabs had reported that attackers were concealing malicious JavaScript packages in Ethereum smart contracts to “gain access to sensitive development assets, and steal sensitive data and digital assets.”

    The rise of these cryptocurrency-focused malware attacks comes as the industry is gaining increased mainstream attention and attracting more capital as a result.

    This article Undetectable Malware Targeting Crypto Wallet Data Of Job Seekers: Report originally appeared on Benzinga.com
