Security News > 2023 > July > Realst info-stealing malware targets macOS cryptocurrency users
A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for macOS 14 Sonoma, which is still in development.
The malware, first discovered by security researcher iamdeadlyz, is distributed to both Windows and macOS users in the form of fake blockchain games using names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend.
In reality, the game installers infect devices with information-stealing malware, such as RedLine Stealer on Windows and Realst on macOS. This malware will steal data from the victim's web browsers and cryptocurrency wallet apps and send them back to the threat actors.
SentinelOne analyzed 59 Mach-O samples of the Realst malware found by iamdeadlyz, focusing on its macOS versions, and found several distinct differences.
When downloading the fake game from the threat actor's site, they will be offered either Windows or macOS malware, depending on their OS. The Windows malware is typically RedLine Stealer, but sometimes other malware like Raccoon Stealer and AsyncRAT. For Mac users, the sites will distribute the Realst info-stealing malware, which targets Mac devices as PKG installers or DMG disk files containing the malicious Mach-O files but no real games or other decoy software.
In all cases, the malware targets Firefox, Chrome, Opera, Brave, Vivaldi, and the Telegram app, but none of the analyzed Realst samples target Safari.
News URL
Related news
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- macOS HM Surf vuln might already be under exploit by major malware family (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- New RustyAttr Malware Targets macOS Through Extended Attribute Abuse (source)