New ModStealer malware targets crypto wallets across platforms
A newly discovered malware called ModStealer threatens cryptocurrency users on macOS, Windows, and Linux. It is designed to extract sensitive data from wallets and credentials, and it went undetected by major antivirus engines for nearly a month. The malware is distributed through fake job postings aimed at Web3 developers and can capture clipboard data, take screenshots, and execute remote commands. Security researchers from Mosyle noted that ModStealer registers as a background agent to persist on macOS and that its infrastructure is masked to obscure the operators' location. Hacken's Stephen Ajayi emphasized the importance of basic wallet hygiene and endpoint security, recommending that users validate the legitimacy of job recruiters, use hardware wallets, and confirm transaction addresses on device displays. Developers are also urged to keep their development environments strictly separate from wallet storage to mitigate the risks posed by such malware.