A recently discovered Mac malware, known as "Realst," is currently employed in a large-scale campaign to steal cryptocurrency wallets — and even targets the still-developing macOS Sonoma.
Security researcher iamdeadlyz uncovered the malware, which is being distributed to both Windows and macOS users disguised as fake blockchain games. The malicious software adopts deceptive names like Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend.
The attackers promote these games on social media platforms, distributing access codes through direct messages to enable users to download the fake game client from linked websites.
The game installers are designed to infect devices with information-stealing malware. It includes RedLine Stealer on Windows, and on macOS, it installs Realst.
This malicious software is programmed to extract data from the victim's web browsers and cryptocurrency wallet applications, sending the stolen information back to the people behind the campaign.
SentinelOne, a cybersecurity firm, analyzed 59 samples of the Realst malware and identified 16 distinct variants, indicating active and rapid development. The malware targets various browsers and the Telegram app but doesn't target Safari.
Malware variants are categorized into four main families based on their traits. They use different techniques to trick users into providing their passwords, which are then used to steal data.
Specific strings in the malware code suggest that its authors are preparing for the upcoming macOS 14 Sonoma release. Mac users visiting these malicious websites will encounter the distribution of Realst info-stealing malware.
The malware targets Mac devices and is disguised as PKG installers or DMG disk files. These files contain malicious Mach-O files but don't include any genuine games or other decoy software.
SentinelOne's investigation revealed that certain samples of the malware are codesigned using legitimate, but now invalidated, Apple Developer IDs or ad-hoc signatures. It's a tactic is used to evade detection by security tools.
How to protect yourself from Realst
To safeguard against malware threats like "Realst," it's crucial to maintain an updated operating system and all associated software. Although in this case, updating to macOS Sonoma may not be enough by itself.
Always be cautious when downloading software or files, especially if they're promoted through unsolicited messages or emails. Installing reputable antivirus and anti-malware software is advisable, ensuring it's updated and scanned regularly.
Mac users are advised to be cautious with blockchain games, as the primary goal of this malware is to steal cryptocurrency wallets and the funds within them.