Andrew Orr
A recently discovered Mac malware, known as "Realst," is currently employed in a large-scale campaign to steal cryptocurrency wallets — and even targets the still-developing macOS Sonoma.
Security researcher iamdeadlyz uncovered the malware, which is being distributed to both Windows and macOS users disguised as fake blockchain games. The malicious software adopts deceptive names like Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend.
The attackers promote these games on social media platforms, distributing access codes through direct messages to enable users to download the fake game client from linked websites.
The game installers are designed to infect devices with information-stealing malware. It includes RedLine Stealer on Windows, and on macOS, it installs Realst.
This malicious software is programmed to extract data from the victim's web browsers and cryptocurrency wallet applications, sending the stolen information back to the people behind the campaign.
Realst malware
SentinelOne, a cybersecurity firm, analyzed 59 samples of the Realst malware and identified 16 distinct variants, indicating active and rapid development. The malware targets various browsers and the Telegram app but doesn't target Safari.
Malware variants are categorized into four main families based on their traits. They use different techniques to trick users into providing their passwords, which are then used to steal data.
Specific strings in the malware code suggest that its authors are preparing for the upcoming macOS 14 Sonoma release. Mac users visiting these malicious websites will encounter the distribution of Realst info-stealing malware.
The malware targets Mac devices and is disguised as PKG installers or DMG disk files. These files contain malicious Mach-O files but don't include any genuine games or other decoy software.
SentinelOne's investigation revealed that certain samples of the malware are codesigned using legitimate, but now invalidated, Apple Developer IDs or ad-hoc signatures. It's a tactic is used to evade detection by security tools.
How to protect yourself from Realst
To safeguard against malware threats like "Realst," it's crucial to maintain an updated operating system and all associated software. Although in this case, updating to macOS Sonoma may not be enough by itself.
Always be cautious when downloading software or files, especially if they're promoted through unsolicited messages or emails. Installing reputable antivirus and anti-malware software is advisable, ensuring it's updated and scanned regularly.
Mac users are advised to be cautious with blockchain games, as the primary goal of this malware is to steal cryptocurrency wallets and the funds within them.
Sponsored Content
Wesley Hilliard
AppleInsider Staff
Amber Neely
William Gallagher
9 Comments
Oh, noes! Bad guys are out to steal my Crypto wallet? Are they different people from the bad guys trying to fill my Crypto wallet?
What's next? Bad guys trying to steal my Monopoly money?
"How to protect yourself"? Maybe not fall for Crypto scams in the first place?
In other news, anyone want to buy a Pet Rock?
One day we'll look back and laugh about that time when tech nerds accidentally started playing around with money laundering schemes used by the Russian mafia and various international drug cartels, while coke-addled Wall Street wannabes dumped all their money into it because the were sure it was the next big thing. Yeah, good times.
Weird bunch of reactions to this. The fact that they're targeting crypto wallets is immaterial. Once they get access to a machine via this attack vector, they could be targeting any number of things on your system (passwords, signed in accounts, etc).
The real point here is to make sure people understand these kinds of risks when installing apps from sources other than the App Store. Even moreso if the app is unsigned. It's unclear whether these apps are signed or not, but if they are, you can be sure Apple will be blacklisting whatever developer account was used to sign them (meaning the installers will stop working).
Why on earth would a law-abiding, private citizen want anything to do with crypto? Isn't what happened with FTX and Coinbase enough to convince you that crypto is nothing but another variation of a Ponzi scheme? Ever hear of the Greater Fool Theory? You take your hard earned money, and get a wallet full of Bitcoins that are useless for legal purposes, and hope you can find a fool greater than you to buy them for more than you paid. And that's if the crook who sold them to you doesn't just install malware on your device and steal them from you, leaving your kids with no college fund.
Good luck.