New ModStealer Malware Poses Threat to Crypto Wallets on macOS, Windows and Linux

Security researchers warn that the malware, spread via fake job ads, steals private keys and wallet credentials across multiple platforms

A newly uncovered malware strain dubbed ModStealer is targeting cryptocurrency users across macOS, Windows and Linux, according to security researchers.

Apple-focused firm Mosyle revealed the malware, noting it went undetected by major antivirus tools for nearly a month after being uploaded to VirusTotal. ModStealer is designed to steal private keys, browser-based wallet extensions, certificates and credentials, persisting on macOS by registering as a background agent. Researchers believe its infrastructure is routed through Germany to conceal the operators’ origins.

The malware is being spread through fake job ads — a tactic increasingly used to target Web3 developers. Once installed, it can capture clipboard data, take screenshots and execute remote commands.

Stephen Ajayi, technical lead at blockchain security firm Hacken, urged developers to verify recruiters and isolate development from wallet environments. He advised users to rely on hardware wallets, maintain strict separation between browsing and wallet activities, and store seed phrases offline with multifactor authentication.
