A new crypto wallet exploit campaign has surfaced, raising alarm among cybersecurity researchers and crypto investors alike. According to 9to5Mac, malware dubbed ModStealer has remained undetected by leading antivirus engines for nearly a month since first being uploaded to VirusTotal.
The malware is spreading through fake job recruiter ads targeting developers, a tactic increasingly used by cybercriminals to gain trust. Victims are tricked into executing a malicious JavaScript file written for Node.js, which bypasses traditional signature-based defenses.
Unlike basic infostealers, ModStealer is equipped with advanced features including private key extraction, clipboard hijacking, remote code execution, and screen capture tools. It specifically targets 56 browser-based crypto wallet extensions, including extensions for Safari, posing a significant crypto wallet exploit risk to everyday traders.
“This isn’t just a Mac issue anymore,” Mosyle, a security firm, said in a statement. “The cross-platform nature of ModStealer, combined with its stealth and Malware-as-a-Service distribution model, represents an evolving threat to developers, traders, and enterprises alike.”
How the malware gains control of devices
On macOS, ModStealer leverages Apple’s launchctl tool to gain persistence by registering itself as a LaunchAgent. Once installed, it monitors user activity in real time and sends stolen data to a remote server believed to be hosted in Finland but routed through German infrastructure.
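One way to review the kind of persistence described above, a Node.js script registered as a LaunchAgent. This is an added example, not code from the article, Mosyle or Jamf. The heuristics and the sample plists are constructed assumptions, and legitimate developer tools can match them, so a hit means "review this agent", not "ModStealer found".

```python
import plistlib
from pathlib import Path

# Assumed heuristics for this example; the article gives no agent label or path.
SCRIPT_SUFFIXES = (".js", ".mjs", ".cjs")
NODE_NAMES = {"node", "nodejs"}

def agent_command(plist: dict) -> list[str]:
    """Return the command line a LaunchAgent runs (Program plus ProgramArguments)."""
    args = list(plist.get("ProgramArguments") or [])
    program = plist.get("Program")
    if program and (not args or args[0] != program):
        args.insert(0, program)
    return [str(a) for a in args]

def review_agent(data: bytes) -> list[str]:
    """Parse one LaunchAgent plist (XML or binary) and return reasons to review it."""
    try:
        plist = plistlib.loads(data)
    except Exception:
        plist = None
    if not isinstance(plist, dict):
        return ["unparseable plist"]
    cmd = agent_command(plist)
    reasons = []
    if any(Path(a).name.lower() in NODE_NAMES for a in cmd):
        reasons.append("runs a Node.js interpreter")
    if any(a.lower().endswith(SCRIPT_SUFFIXES) for a in cmd):
        reasons.append("runs a JavaScript file")
    if reasons and (plist.get("RunAtLoad") or plist.get("KeepAlive")):
        reasons.append("starts automatically at login")
    return reasons

def scan(directory: Path) -> dict[str, list[str]]:
    """Review every plist in a LaunchAgents directory; return only flagged files."""
    findings = {}
    for path in sorted(directory.glob("*.plist")):
        reasons = review_agent(path.read_bytes())
        if reasons:
            findings[path.name] = reasons
    return findings

# Constructed samples (not taken from ModStealer): one benign agent, one to review.
BENIGN = plistlib.dumps({"Label": "com.example.updater", "RunAtLoad": True,
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]})
SUSPECT = plistlib.dumps({"Label": "com.example.helper", "RunAtLoad": True,
    "ProgramArguments": ["/usr/local/bin/node", "/Users/dev/.cache/helper.js"]})

if __name__ == "__main__":
    print(scan(Path.home() / "Library" / "LaunchAgents"))
```

Per-user agents live in `~/Library/LaunchAgents`; `/Library/LaunchAgents` holds the system-wide ones and can be passed to `scan` the same way.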
Researchers warn that the malware is part of the broader Malware-as-a-Service (MaaS) ecosystem. Criminal affiliates can purchase ModStealer and deploy it without needing technical expertise, enabling large-scale crypto wallet exploit campaigns with minimal effort.
Jamf, a cybersecurity company, reported that infostealers now dominate Mac malware incidents, with a 28% surge recorded in 2025.
“The rise of MaaS tools like ModStealer means that sophisticated attacks are no longer limited to advanced hackers,” Jamf researchers noted.
Phishing scams intensify financial losses
The ModStealer revelations come as phishing scams continue to plague digital asset holders. On Wednesday, blockchain analytics firm Lookonchain flagged a case where an investor lost $3.05 million in Tether (USDT) after unknowingly approving a malicious blockchain transaction.
The attacker exploited a common user oversight: verifying only the first and last characters of a wallet address, leaving the middle unchecked. This allowed the fraudster to redirect funds seamlessly, representing another form of crypto wallet exploit.
According to CertiK’s mid-2025 security report, crypto investors lost over $2.2 billion to hacks, scams, and breaches in the first half of the year. Of that total, wallet breaches alone accounted for $1.7 billion across 34 incidents, while phishing scams added $410 million across 132 separate attacks.
“These losses highlight a systemic vulnerability,” CertiK analysts wrote. “Wallet compromises and phishing remain the most common forms of crypto wallet exploit, and investors must exercise heightened vigilance.”
What investors need to know
For crypto investors, the rise of ModStealer and large-scale phishing attacks demonstrates how digital assets remain prime targets for sophisticated criminal operations. The malware’s ability to bypass antivirus detection and its focus on wallet extensions amplify concerns over the security of browser-based wallets.
Industry experts argue that traditional security tools are insufficient against these evolving threats. Behavior-based detection, multi-factor authentication, and hardware wallets are increasingly recommended as defenses against crypto wallet exploit attempts.
Investor protection requires both technological safeguards and stronger awareness. As phishing scams and malware converge, the challenge for the crypto sector will be balancing innovation with resilience against cybercrime.
The broader lesson for investors is that convenience often comes with hidden risks. While browser-based wallets and simple transaction approvals make trading faster, they also expand the attack surface for cybercriminals. Security professionals caution that minimizing reliance on browser extensions and custodial wallets could reduce exposure to crypto wallet exploit vulnerabilities.
Regulators and exchanges are also under pressure to step up protections. Some jurisdictions are exploring stricter compliance rules for wallet providers, while major exchanges are investing in fraud detection and incident response systems. Whether these measures are enough remains to be seen, but the growing sophistication of crypto wallet exploit campaigns suggests the industry must act urgently.