New ModStealer malware targets crypto wallets across operating systems

PANews September 12th news, according to Cointelegrap, according to research by security company Mosyle, the newly discovered malware ModStealer is targeting cryptocurrency users of macOS, Windows and Linux systems, stealing wallet private keys and login credentials. The malware has not been detected by mainstream antivirus engines within nearly a month after being uploaded to the VirusTotal platform. ModStealer is spread through fake job ads, especially for Web3 developers. After the user installs the malware package, the program will be embedded in the system background to run, steal clipboard data, take screenshots and execute remote commands. Its code is specifically targeted at Safari and Chromium browser wallet extensions. ModStealer continues to reside on macOS through a registered backend agent, the server is located in Finland but may be masked by the German infrastructure. The technology director of Hacken, a blockchain security company, recommends developers to verify the authenticity of the recruiter and domain names, require sharing of test tasks through public code bases, and open files in temporary virtual machines without wallets and keys. It is emphasized that it is necessary to strictly distinguish the development environment from the wallet storage environment, use hardware wallets and check the transaction address on the device display screen.