#CryptoScamAlert According to security experts, the new virus spreads through fake job postings and disguises itself as a background service on the victim's device. Users may have their private keys, seed phrases of cryptocurrency wallets, and API keys of exchanges stolen.
"ModStealer is not detected by popular antivirus solutions. Unlike traditional malware, ModStealer stands out with support for multiple platforms and a hidden execution chain with zero detection," said experts from Mosyle.
All stolen information is sent to remote servers, and on macOS, the program installs itself as an "assistant" and runs at every system startup. ModStealer poses a serious threat to the entire ecosystem of digital assets, say experts from Mosyle.
Earlier, experts from the cybersecurity company Aikido Security reported that hackers compromised NPM - the package registry (libraries) for software written in JavaScript, and then uploaded a malicious program to steal cryptocurrency by substituting wallet addresses and intercepting transactions.
