New ModStealer malware targets crypto wallets across operating systems
Source: ChainCatcher
Time: 2025-09-12 19:20:42
According to ChainCatcher, citing a Cointelegraph report on research by security company Mosyle, the newly discovered malware ModStealer is targeting cryptocurrency users on macOS, Windows and Linux systems, stealing wallet private keys and login credentials. The malware went undetected by mainstream antivirus engines for nearly a month after it was uploaded to the VirusTotal platform. ModStealer is spread through fake job ads, especially those aimed at Web3 developers. After the user installs the malware package, the program embeds itself in the system and runs in the background, stealing clipboard data, taking screenshots and executing remote commands. Its code specifically targets Safari and Chromium browser wallet extensions. ModStealer persists on macOS by registering a background agent; the server is located in Finland but may be masked by infrastructure in Germany. The technology director of blockchain security company Hacken recommends that developers verify the authenticity of recruiters and domain names, require that test tasks be shared through public code repositories, and open files in temporary virtual machines that contain no wallets or keys. It was also emphasized that the development environment must be strictly separated from the wallet storage environment, that hardware wallets should be used, and that the transaction address should be checked on the device's display screen.