The new ModStealer malware targets cross-platform cryptocurrency wallets
Sep 12, 2025 19:19:59
ChainCatcher news: according to Cointelegraph, citing research by the security company Mosyle, the newly discovered malware ModStealer is targeting cryptocurrency users on macOS, Windows, and Linux systems and stealing wallet private keys and login credentials.
The malware went undetected by mainstream antivirus engines for nearly a month after being uploaded to the VirusTotal platform. ModStealer spreads through fake job advertisements, particularly targeting Web3 developers. Once users install the malicious package, the program embeds itself to run in the system background, stealing clipboard data, taking screenshots, and executing remote commands. Its code specifically targets wallet extensions for Safari and Chromium browsers.
On macOS, ModStealer maintains persistence by registering a background agent. Its servers are located in Finland, but the operator's origin may be masked through German infrastructure. The technical director of blockchain security company Hacken advises developers to verify the authenticity of the hiring party and domain names, to ask that test tasks be shared through public code repositories, and to open files in a temporary virtual machine that holds no wallets or keys. The advice also emphasizes strictly separating the development environment from the wallet storage environment, using hardware wallets, and verifying transaction addresses on the device's display.
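The macOS persistence described above can be reviewed by auditing per-user launchd LaunchAgent plists. The following is an added example, not code from Mosyle, Hacken or the original report. It assumes the background agent is a launchd LaunchAgent; the path markers, the label check and the two sample jobs are constructed for illustration and are not indicators from the research.

```python
import plistlib
from pathlib import Path

# Heuristics are assumptions for this example, not indicators from the research.
RISKY_PARTS = ("/tmp/", "/Users/Shared/", "/Downloads/", "/.")

def audit_agent(plist_bytes):
    """Return findings for one per-user LaunchAgent plist (empty list = not flagged)."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unexpected plist structure"]
    args = job.get("ProgramArguments")
    args = [a for a in args if isinstance(a, str)] if isinstance(args, list) else []
    program = job.get("Program")
    paths = ([program] if isinstance(program, str) else []) + args
    findings = []
    # launchd starts the job at load/login (RunAtLoad) or keeps it running (KeepAlive).
    if job.get("RunAtLoad") or job.get("KeepAlive"):
        for p in paths:
            if any(part in p for part in RISKY_PARTS):
                findings.append(f"auto-starts from writable or hidden path: {p}")
    # Apple's own agents ship under /System/Library, not the user's Library.
    if str(job.get("Label", "")).startswith("com.apple."):
        findings.append("Apple-style label in a per-user agent")
    return findings

def scan_dir(directory=None):
    """Audit every plist in a LaunchAgents directory; returns {filename: findings}."""
    directory = Path(directory or Path.home() / "Library" / "LaunchAgents")
    if not directory.is_dir():
        return {}
    results = {f.name: audit_agent(f.read_bytes())
               for f in sorted(directory.glob("*.plist"))}
    return {name: found for name, found in results.items() if found}

# Constructed sample jobs (not real indicators of compromise).
BENIGN = plistlib.dumps({"Label": "com.example.updater", "RunAtLoad": True,
                         "Program": "/Applications/Example.app/Contents/MacOS/updater"})
SUSPECT = plistlib.dumps({"Label": "com.apple.example.helper", "RunAtLoad": True,
                          "KeepAlive": True,
                          "ProgramArguments": ["/Users/dev/.cache/helper/run", "--quiet"]})

if __name__ == "__main__":
    print(audit_agent(BENIGN), audit_agent(SUSPECT), scan_dir(), sep="\n")
```

A flagged entry is a prompt for manual review, not a verdict: legitimate developer tools also register agents from home-directory paths.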


