# Endpoint Malware Targets Crypto Keys Beyond Smart-Contract Exploits

Beyond on-chain contract exploits, key-harvesting malware targets private keys at the device and supply-chain level, opening a distinct and growing attack surface for crypto holders.

- Conviction: 62 / 100 (weakening)
- 7-day move: +12
- Horizon: Short term (next 30 days)
- Tracking since: 2026-06-19T00:00:00.000Z
- Last updated: 2026-07-07T14:00:01.950Z
- Canonical: https://polylog.news/crypto/trends/wallet-stealing-malware-endpoint-threat
- Publisher: Polylog
- Affected regions: Global

## Recent score history

- 2026-07-06: 64
- 2026-07-07: 62

## Recent evidence

- [confirms] Fake Mac App Shows How Malware Is Going After Crypto Keys on the Device (2026-07-06): Reporting on the 'PamStealer' macOS malware, disguised as a clipboard utility to steal passwords and drain wallets, reinforces the endpoint key-theft attack surface.
- [confirms] Fake Mac App Shows How Malware Is Going After Crypto Keys on the Device (2026-07-06): Researchers documented 'PamStealer,' macOS malware disguised as a clipboard tool that harvests passwords and drains wallets, underscoring a device-level attack surface distinct from smart-contract exploits.

12 more evidence entries, the full score history, the conviction-driver timeline, and affected assets are for subscribers: https://polylog.news/pricing
