New Realst macOS malware steals your cryptocurrency wallets
A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for macOS 14 Sonoma, which is still in development.
In reality, the game installers infect devices with information-stealing malware, such as RedLine Stealer on Windows and Realst on macOS. This type of malware steals data from the victim's web browsers and cryptocurrency wallet apps and sends it back to the threat actors.
SentinelOne analyzed 59 Mach-O samples of the Realst malware found by iamdeadlyz, focusing on its macOS versions, and found several distinct differences.
When victims download the fake game from the threat actor's site, they are offered either Windows or macOS malware, depending on their OS. The Windows malware is typically RedLine Stealer, but sometimes other malware such as Raccoon Stealer and AsyncRAT. For Mac users, the sites distribute the Realst info-stealing malware, which is delivered to Mac devices as PKG installers or DMG disk files containing the malicious Mach-O files but no real games or other decoy software.
In all cases, the malware targets Firefox, Chrome, Opera, Brave, Vivaldi, and the Telegram app, but none of the analyzed Realst samples target Safari.
The presence of those strings shows that the malware authors are already preparing for Apple's forthcoming desktop OS release, ensuring that Realst will be compatible and working as expected.