According to security experts, the new virus is distributed through fake job postings and disguises itself as a background service on the victim's device. Users may have their private keys, crypto wallet seed phrases, and exchange API keys stolen.

"ModStealer is not detected by popular antivirus solutions. Unlike traditional malware, ModStealer stands out for its support for multiple platforms and a hidden execution chain with zero detection," Mosyle experts said.

All stolen information is sent to remote servers, and on macOS, the program is fixed as an "assistant" and runs every time the system starts. ModStealer poses a serious threat to the entire ecosystem of digital assets, Mosyle experts believe.

Earlier, experts from cybersecurity company Aikido Security reported that hackers had broken into NPM, a registry of packages (libraries) for JavaScript software, and then uploaded malware to steal cryptocurrency by replacing wallet addresses and intercepting transactions.