PANews reported on September 12th that, according to Decrypt, security firm Mosyle has revealed the cross-platform malware ModStealer, which can evade detection by mainstream antivirus software by disguising itself as a background helper program. It specifically steals encrypted browser wallet data on Windows, Linux, and macOS systems. The malware is distributed through disguised job advertisements, targeting developers with Node.js installed. ModStealer automatically runs and collects wallet extensions, system credentials, and digital certificates, then uploads the data to a remote command-and-control (C2) server. Security experts warn that this malware poses a direct threat to crypto users and platforms, potentially leading to the leakage of private keys, mnemonics, and API keys, and triggering large-scale on-chain attacks.