Close Menu
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
What's Hot

Odyssey Stealer Hits 100+ Countries, Targets 16+ Crypto Wallet Apps on macOS

July 10, 2026

U.S. government digital dollar set to be banned tonight under housing law's CBDC limit

July 10, 2026

AAVE Price Prediction: $100 Is the Line in the Sand — Here’s What Comes Next

July 10, 2026
Facebook X (Twitter) Instagram
Recession Profit AlertsRecession Profit Alerts
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
Recession Profit AlertsRecession Profit Alerts
Home»Security»Odyssey Stealer Hits 100+ Countries, Targets 16+ Crypto Wallet Apps on macOS
Security

Odyssey Stealer Hits 100+ Countries, Targets 16+ Crypto Wallet Apps on macOS

July 10, 2026No Comments3 Mins Read

A new wave of the Odyssey Stealer malware is targeting macOS users in more than 100 countries, according to security researchers at Moonlock Lab. The latest version is built to steal passwords, browser data, cryptocurrency wallets, cloud credentials, and developer files while maintaining long-term access to infected devices.

Researchers said the malware has evolved beyond simple credential theft. Once installed, it can replace legitimate cryptocurrency wallet applications with modified versions designed to capture wallet credentials and transaction information.

The campaign primarily targets users interested in cryptocurrency and finance through fake websites that imitate trusted platforms and software download pages.

Targets Wallets, Browsers, and Developer Credentials

The malware steals login credentials, cookies, and autofill data from major browsers, including Chrome, Brave, Microsoft Edge, Vivaldi, Opera, Arc, Firefox, and Waterfox.

For cryptocurrency users, Odyssey searches for wallet files from more than 16 desktop wallet applications, including Electrum, Exodus, Ledger Live, Trezor Suite, Bitcoin Core, Litecoin Core, Dash Core, and Monero, while also scanning nearly 300 cryptocurrency browser extension IDs for wallet data and private keys.

Beyond crypto assets, the malware collects SSH keys, Apple Keychain databases, Telegram and Discord data, FileZilla credentials, terminal history, and configuration files for AWS, Google Cloud, Microsoft Azure, and Docker. It also attempts to obtain the user’s local macOS password using the built-in dscl authentication tool.

According to the malware analysis shared by Moonlock Lab, infected systems establish communication with the primary command-and-control (C2) server at 165[.]245.215.18, with rahtam[.]com serving as a fallback and scubin[.]com delivering second-stage payloads, including trojanized wallet applications.

See also  U.S. sanctions 6 people, 2 companies that laundered $800 million in crypto for North Korea

Fake Apps and ClickFix Technique Drive Infections

Security researchers say Odyssey is commonly delivered through the ClickFix attack method. Victims are redirected to fake websites that closely resemble the Apple App Store, cryptocurrency news platforms, or financial services.

These pages display a fake Cloudflare verification screen instructing macOS users to copy and paste a command into the Terminal. Instead of completing a verification check, the command downloads and executes an AppleScript that installs the malware.

The script creates persistent LaunchDaemon services, allowing Odyssey to survive system reboots and continuously communicate with attacker-controlled servers.

The malware also displays a fake password prompt to capture the user’s macOS password. Once validated, it copies Keychain files, browser databases, wallet files, and personal documents before compressing everything into a ZIP archive and uploading it to its command server.

If the upload fails, it automatically retries multiple times to ensure the stolen data is delivered. Researchers also found the malware stealing files from the Desktop and Documents folders, including TXT, PDF, DOCX, JPG, PNG, RTF, and KeePass database (.kdbx) files.

Malware-as-a-Service Operation

Security firms SOC Prime and CYFIRMA describe Odyssey as a Malware-as-a-Service (MaaS) platform. Affiliates can rent access to a centralized administration panel that tracks infected devices, manages stolen credentials, builds customized malware versions, and restores hijacked browser sessions using stolen cookies.

Investigators linked multiple Odyssey control panels to infrastructure hosted primarily in Russia. Threat researchers believe Odyssey is a rebranded version of Poseidon Stealer, which itself originated from the AMOS Stealer malware family.

The operation mainly targets users in the United States and Europe while largely avoiding victims in Commonwealth of Independent States (CIS) countries, a pattern often associated with Russian-speaking cybercrime groups.

See also  Fake Bitdefender Site Spreads Trio of Malware Tools

Related: SlowMist Says There Were 182 Blockchain Security Issues in H1 2026

Source link

Apps countries Crypto hits macOS Odyssey Stealer Targets Wallet

Related Posts

Summer.fi Hacker Moves $1.35M Into Tornado Cash

July 10, 2026

New Crypto: BNB Based AlphaPepe Nears Tier-1 Exchange Debut While Ethereum Price Prediction Targets $4000

July 10, 2026

113 Active Spies From Foreign Countries Arrested: FBI Director

July 10, 2026

Grayscale's CFO exits after 7 years with crypto asset manager

July 10, 2026
Top Posts

AAVE Price Prediction: Targets $125-135 Recovery by April 2026

March 13, 2026

Fujitsu’s Web3 Acceleration Platform Powers Kanazawa Event

October 2, 2023

Bitcoin Slips Below $27K, but What Might Government Shutdown Mean for Prices?

September 30, 2023

Type above and press Enter to search. Press Esc to cancel.