PANews reported on September 12 that according to Cointelegrap, according to research by security company Mosyle, the newly discovered malware ModStealer is targeting cryptocurrency users on macOS, Windows, and Linux systems to steal wallet private keys and login credentials. The malware was not detected by mainstream antivirus engines for nearly a month after being uploaded to the VirusTotal platform. ModStealer is spread through fake recruitment advertisements, especially targeting Web3 developers. After the user installs the malware package, the program will be embedded in the system background and run, stealing clipboard data, taking screenshots, and executing remote commands. Its code specifically targets Safari and Chromium browser wallet extensions. ModStealer persists on macOS by registering a background agent. The server is located in Finland but may use German infrastructure to mask the operator's source. The technical director of blockchain security company Hacken recommends developers verify the authenticity of the hiring company and domain name, share testing tasks through public code repositories, and open files in a temporary virtual machine without a wallet or private keys. He also emphasizes the need to strictly separate development environments from wallet storage environments, use hardware wallets, and verify transaction addresses on the device's display.PANews reported on September 12 that according to Cointelegrap, according to research by security company Mosyle, the newly discovered malware ModStealer is targeting cryptocurrency users on macOS, Windows, and Linux systems to steal wallet private keys and login credentials. The malware was not detected by mainstream antivirus engines for nearly a month after being uploaded to the VirusTotal platform. ModStealer is spread through fake recruitment advertisements, especially targeting Web3 developers. After the user installs the malware package, the program will be embedded in the system background and run, stealing clipboard data, taking screenshots, and executing remote commands. Its code specifically targets Safari and Chromium browser wallet extensions. ModStealer persists on macOS by registering a background agent. The server is located in Finland but may use German infrastructure to mask the operator's source. The technical director of blockchain security company Hacken recommends developers verify the authenticity of the hiring company and domain name, share testing tasks through public code repositories, and open files in a temporary virtual machine without a wallet or private keys. He also emphasizes the need to strictly separate development environments from wallet storage environments, use hardware wallets, and verify transaction addresses on the device's display.