A new threat has entered the crypto world, and it’s sneaky. Security researchers found malware called ModStealer that targets wallets across macOS, Windows, and Linux. It steals private keys and credentials and goes after browser wallet extensions.
A Malware That Slipped Past Defenses
Apple-focused firm Mosyle discovered ModStealer. Shockingly, it stayed invisible to antivirus software for almost a month after hitting VirusTotal, a site used to scan files for viruses. That silence gave hackers a head start.
The malware comes pre-loaded with code to steal keys, certificates, and login data. It even has targeting logic for wallets inside Safari and Chromium browsers. On macOS, it hides as a background agent. Investigators think its servers are routed through Germany to cover its tracks, though it appears to originate in Finland.
How Hackers Spread It
ModStealer is spreading through fake job ads. This isn’t a new trick: fraudulent recruitment campaigns have been hitting Web3 developers hard. Once installed, the malware captures clipboard data, takes screenshots, and runs remote commands.
Stephen Ajayi from Hacken warns developers: be suspicious of “test tasks” that require downloads. Always verify recruiters, and if you must run tasks, use a disposable virtual machine with no wallets or private keys.
Keep Wallets and Work Separate
Ajayi stresses the need to separate your “dev box” from your “wallet box.” Mixing them is an open invitation to hackers. Keep sensitive assets on one system and development on another.
Practical Security Tips
Ajayi also shared clear steps for staying safe:
Use hardware wallets. Always check the first and last six characters of an address before approving.
Use a separate browser profile or even a dedicated device for wallet activity.
Store seed phrases offline.
Enable multifactor authentication.
Use FIDO2 passkeys whenever possible.
Malware like ModStealer shows that crypto security is never static. The threats evolve, but so should the defenses.


