- Malware is distributed to Windows and macOS users as fake blockchain games
- Victims are sent an access code, and the installer infects the user’s device
- The main goal is to steal funds held in crypto wallets
Realst, a dangerous new malware, is being leveraged in a large campaign against Apple and Windows users. Some of its most recent variants include support for macOS 14 Sonoma, which is currently in development, Bankless Times learned from a specialized cybersecurity platform.
How does it work?
The malicious actors distribute the malware to both Windows and macOS users in the form of fake blockchain games with appealing names, such as Pearl, Evolition, Brawl Earth, Dawnland, Destruction, and SaintLegend.
They promote these games on social media. In direct messages, the actors share the access codes needed to download the fake games from the associated websites.
The installer infects the user’s device with information-stealing malware: Realst on Mac and RedLine Stealer on Windows. The malware steals data from the user’s crypto wallet app and web browser and transfers it to the malicious actors.
16 variants of the malware
There are already 16 variants of the macOS malware, which indicates fast and active development. When downloading the fake game from the fraudulent site, users are served either the Mac or the Windows malware depending on their operating system.
Mac users are infected with the Realst data-stealing malware, which is delivered to Mac devices as DMG disk images or PKG installers containing malicious files.
An analysis by the cybersecurity experts at SentinelOne found that all 16 Realst variants were similar in form and function, despite using different sets of API calls.
Only Safari is safe
The analysis also showed that the malware targets Chrome, Firefox, Brave, Opera, Telegram, and Vivaldi. Safari was not targeted by any of the analyzed Realst samples.
macOS users are advised to exercise caution when downloading blockchain games. The malicious actors use “verified” Twitter accounts and Discord channels to appear legitimate.
These attacks can be very costly, as their main goal is to steal funds held in crypto wallets, and they target crypto users specifically.