A newly discovered malware strain called ModStealer is targeting cryptocurrency users across macOS, Windows, and Linux systems, posing risks to wallet security.
Characteristics of ModStealer Malware
The Apple-focused security firm Mosyle reported that ModStealer remained undetected by major antivirus engines for nearly a month after being uploaded to VirusTotal. The malware is designed to steal private keys, certificates, credential files, and wallet extensions in Safari and Chromium-based browsers.
Distribution Through Fake Job Ads
ModStealer is reportedly distributed through fake job recruitment ads, a tactic increasingly used to target Web3 developers. Once users install the malicious package, the malware embeds itself and operates in the background, capturing clipboard data, taking screenshots, and executing remote commands.
Security Recommendations from Experts
Stephen Ajayi, DApp and AI audit technical lead at Hacken, advises developers to validate the legitimacy of recruiters and associated domains. He emphasizes the importance of separating development environments from wallet storage and recommends the use of hardware wallets and multifactor authentication.
ModStealer poses a serious threat to cryptocurrency users across multiple platforms. Experts urge caution and adherence to security best practices to protect personal data and assets.