A newly discovered malware strain called ModStealer targets crypto users on macOS, Windows and Linux, and puts wallets and credentials at risk of theft.
Apple-focused security company Mosyle said the malware went completely undetected by major antivirus engines for almost a month after it was uploaded to VirusTotal, an online platform that scans uploaded files and analyzes them for malicious content.
Mosyle said ModStealer is designed to exfiltrate data using preloaded code that steals private keys, certificates, credentials and browser-based wallet extensions. The researchers found a variety of wallet-targeting logic, including code aimed at extensions for Safari and Chromium-based browsers.
The company said the malware persists on macOS by registering itself as a background agent so that it is relaunched after a reboot or logout. The team said that although the command-and-control servers are hosted in Finland, they believe the infrastructure is routed through Germany to obscure the operators' origin.
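The report says only that the malware registers itself as a macOS background agent; on macOS, user-level background agents are declared by property-list files in ~/Library/LaunchAgents, which is the first place to look when hunting for this kind of persistence. The script below is an added example, not Mosyle's detection or any tooling from the report: it parses every plist in a LaunchAgents directory and flags ones that look like unauthorized persistence. The heuristics (an Apple-style label outside Apple's own agent directories, a script interpreter launching a script from a user-writable path, RunAtLoad combined with KeepAlive) are general indicators chosen for illustration, not attributes of ModStealer, and the two sample plists it writes to a temporary directory, including their labels and paths, are constructed for the demo.

```python
"""Hunt for suspicious user LaunchAgents (macOS persistence) -- added example."""
import os
import plistlib
import tempfile
from pathlib import Path

# Apple's own agents and daemons live here; a "com.apple.*" label anywhere else is suspect.
APPLE_AGENT_DIRS = ("/System/Library/LaunchAgents", "/System/Library/LaunchDaemons")
# Roots that only an administrator can write to. Anything launched from elsewhere
# (e.g. ~/Library/Application Support, /tmp, /Users/Shared) was placed by a user-level process.
TRUSTED_PROGRAM_ROOTS = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/", "/Library/")
# Interpreters commonly used to run a dropped script instead of a compiled binary.
INTERPRETERS = {"node", "python", "python3", "osascript", "sh", "bash", "zsh", "perl", "ruby"}


def program_of(plist: dict) -> list:
    """Return the argv the agent would run, from ProgramArguments or Program."""
    args = plist.get("ProgramArguments")
    if args:
        return [str(a) for a in args]
    prog = plist.get("Program")
    return [str(prog)] if prog else []


def assess(plist_path, plist: dict) -> list:
    """Return a list of human-readable reasons this agent looks suspicious (empty if none)."""
    reasons = []
    argv = program_of(plist)
    label = str(plist.get("Label", ""))
    if not argv:
        return ["no Program/ProgramArguments (malformed or unusual plist)"]
    exe = argv[0]
    exe_name = os.path.basename(exe)
    uses_interpreter = exe_name in INTERPRETERS and len(argv) > 1
    # The thing that actually carries the logic: the script if an interpreter is used, else the binary.
    payload = argv[1] if uses_interpreter else exe
    if label.startswith("com.apple.") and not str(plist_path).startswith(APPLE_AGENT_DIRS):
        reasons.append(f"Apple-looking label {label!r} outside Apple's own agent directories")
    if uses_interpreter:
        reasons.append(f"interpreter {exe_name!r} runs script {argv[1]!r}")
    if not payload.startswith(TRUSTED_PROGRAM_ROOTS):
        reasons.append(f"payload {payload!r} lives outside system/application roots")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive: starts at login and is restarted if killed")
    return reasons


def scan_launch_agents(directory) -> dict:
    """Map each suspicious plist filename in `directory` to its list of reasons."""
    findings = {}
    for plist_path in sorted(Path(directory).glob("*.plist")):
        try:
            with open(plist_path, "rb") as fh:
                data = plistlib.load(fh)
        except Exception as exc:  # not a parseable plist: worth a look on its own
            findings[plist_path.name] = [f"could not parse: {exc}"]
            continue
        reasons = assess(plist_path, data)
        if reasons:
            findings[plist_path.name] = reasons
    return findings


def build_demo_dir() -> Path:
    """Write two constructed plists (invented labels and paths) into a temp directory."""
    demo = Path(tempfile.mkdtemp(prefix="launchagents-demo-"))
    benign = {  # a vendor updater shipped inside its .app bundle
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
        "RunAtLoad": True,
    }
    suspicious = {  # Apple-style label, node script dropped under the user's Library
        "Label": "com.apple.helper-agent",
        "ProgramArguments": ["/usr/local/bin/node",
                             "/Users/dev/Library/Application Support/.helper/agent.js"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    with open(demo / "com.example.updater.plist", "wb") as fh:
        plistlib.dump(benign, fh)
    with open(demo / "com.apple.helper-agent.plist", "wb") as fh:
        plistlib.dump(suspicious, fh)
    return demo


def demo_findings() -> dict:
    """Scan the constructed demo directory; only the suspicious agent should be reported."""
    return scan_launch_agents(build_demo_dir())


if __name__ == "__main__":
    for name, reasons in demo_findings().items():
        print(name, "->", "; ".join(reasons))
    real = Path.home() / "Library" / "LaunchAgents"  # the actual per-user agent directory on macOS
    if real.is_dir():
        for name, reasons in scan_launch_agents(real).items():
            print(name, "->", "; ".join(reasons))
```

A hit from this script is a lead, not a verdict: legitimate software also installs user LaunchAgents, so confirm the executable's code signature and origin before removing anything. It also only covers LaunchAgents; the same approach applies to /Library/LaunchAgents, /Library/LaunchDaemons and login items.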
Security companies warn of fake job ads
The malware is reportedly distributed through fake job recruitment ads, a tactic increasingly used to target Web3 developers and builders.
Once a user installs the malicious package, ModStealer embeds itself in the system and runs in the background, where it can capture clipboard data, take screenshots and execute remote commands.
Stephen Ajayi, Dapp and AI audit technical lead at blockchain security company Hacken, told Cointelegraph that malicious recruitment campaigns are becoming increasingly common, using fraudulent “test tasks” as a malware delivery mechanism. He warned developers to take additional precautions when asked to download files or complete a full evaluation.
“Developers need to verify the legitimacy of recruiters and related domains,” Ajayi told Cointelegraph. “Share assignments through a public repository and request that tasks be opened only in disposable virtual machines that do not have a wallet, SSH key, or password manager.”
Emphasizing the importance of compartmentalizing sensitive assets, Ajayi advised teams to maintain a strict separation between the development environment and wallet storage.
“A clear separation between the development environment, the ‘development box’, and the wallet environment, the ‘wallet box’, is essential,” he told Cointelegraph.
Related: Failed NPM Exploit Highlights Posing Threat to Crypto Security: exec
Hacken Security Lead shares practical steps with users
Ajayi also highlighted the importance of basic wallet hygiene and endpoint hardening to protect against threats like ModStealer.
“I use a hardware wallet and always check the transaction address on the device display, and at least the first and last six letters before accepting,” he told Cointelegraph.
Ajayi advised users to maintain a dedicated locked-down browser profile, or a separate device, reserved for wallet activity and to interact only with trusted wallet extensions.
For account protection, he recommended offline storage of seed phrases, multifactor authentication, and FIDO2 passkeys where possible.
Magazine: Thailand’s “Big Secret” Crypto Hack, RWA Token for Chinese Developers: Asia Express