Even the upcoming macOS Sonoma update isn't safe from this malware

A recently discovered Mac malware, known as "Realst," is currently employed in a large-scale campaign to steal cryptocurrency wallets -- and even targets the still-developing macOS Sonoma.

New Mac malware targets cryptocurrency wallets



Security researcher iamdeadlyz uncovered the malware, which is being distributed to both Windows and macOS users disguised as fake blockchain games. The malicious software adopts deceptive names like Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend.

The attackers promote these games on social media platforms, distributing access codes through direct messages to enable users to download the fake game client from linked websites.

The game installers are designed to infect devices with information-stealing malware: on Windows they drop RedLine Stealer, and on macOS they install Realst.

This malicious software is programmed to extract data from the victim's web browsers and cryptocurrency wallet applications, sending the stolen information back to the people behind the campaign.

Realst malware



SentinelOne, a cybersecurity firm, analyzed 59 samples of the Realst malware and identified 16 distinct variants, indicating active and rapid development. The malware targets various browsers and the Telegram app but doesn't target Safari.

The variants fall into four main families based on their traits. Each family uses different techniques to trick users into entering their password, which is then used to unlock and steal data.

Specific strings in the malware code suggest that its authors are preparing for the upcoming macOS 14 Sonoma release. Mac users who visit these malicious websites are served the Realst info-stealer.

The malware targets Macs and is distributed as PKG installers or DMG disk images. These files contain malicious Mach-O executables but no genuine game or other decoy software.

SentinelOne's investigation revealed that certain samples are code-signed with legitimate, but since revoked, Apple Developer IDs or with ad-hoc signatures. The tactic is used to evade detection by security tools.
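Because the signing state is the detail that decides whether Gatekeeper and security tools will trust a bundle, a defender's first check on a suspicious installer is what Apple's own codesign(1) and spctl(8) report. The script below is an added example, not code from the article or from SentinelOne's report: it classifies a bundle as unsigned, ad-hoc signed, signed with a revoked Developer ID, or signed with a valid Developer ID by matching the strings those tools print (the sample outputs are constructed to mirror that format and the team IDs and app names in them are made up). The inspect_app wrapper runs the real tools and only works on a Mac; the classifier itself runs anywhere.

```shell
#!/bin/sh
# Added example (not from the article or SentinelOne): classify the signing
# state of a macOS app bundle from codesign(1) output. Sample outputs below
# are constructed; app names and team IDs in them are placeholders.

# classify_codesign_output: takes the combined stdout+stderr of
#   `codesign -dv --verbose=4 <bundle>` and `codesign --verify --strict <bundle>`
#   and prints one of: unsigned, revoked, ad-hoc, developer-id, other.
#   Order matters: a revoked Developer ID still prints Authority= lines.
classify_codesign_output() {
    _out="$1"
    case "$_out" in
        *"code object is not signed at all"*)    printf 'unsigned\n' ;;
        *"CSSMERR_TP_CERT_REVOKED"*)             printf 'revoked\n' ;;
        *"Signature=adhoc"*)                     printf 'ad-hoc\n' ;;
        *"Authority=Developer ID Application:"*) printf 'developer-id\n' ;;
        *)                                       printf 'other\n' ;;
    esac
}

# team_id: extract the TeamIdentifier value ("not set" for ad-hoc signatures,
#   empty when the object is unsigned).
team_id() {
    printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# inspect_app: run the real tools on a bundle path (macOS only) and print a
#   verdict, then show Gatekeeper's own assessment, which includes the
#   revocation check for Developer ID certificates.
inspect_app() {
    _app="$1"
    if ! command -v codesign >/dev/null 2>&1; then
        printf 'codesign not available on this host\n' >&2
        return 2
    fi
    _info=$(codesign -dv --verbose=4 "$_app" 2>&1; codesign --verify --strict "$_app" 2>&1)
    _class=$(classify_codesign_output "$_info")
    printf '%s: %s (TeamIdentifier=%s)\n' "$_app" "$_class" "$(team_id "$_info")"
    spctl --assess --type execute -v "$_app" 2>&1 || true
}

# Constructed sample outputs, trimmed to the lines the classifier looks at.
SAMPLE_DEVID='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

SAMPLE_ADHOC='Executable=/Applications/Game.app/Contents/MacOS/Game
Identifier=game
Signature=adhoc
TeamIdentifier=not set'

SAMPLE_REVOKED='Executable=/Applications/Game.app/Contents/MacOS/Game
Authority=Developer ID Application: Revoked Corp (ZZZZZ99999)
TeamIdentifier=ZZZZZ99999
/Applications/Game.app: CSSMERR_TP_CERT_REVOKED'

SAMPLE_UNSIGNED='/Applications/Game.app: code object is not signed at all'

# Usage on a Mac: sh check_sig.sh /Applications/Some.app
if [ $# -gt 0 ]; then
    inspect_app "$1"
fi
```

An ad-hoc signature (TeamIdentifier "not set") ties the binary to no developer at all, so it passes no Gatekeeper notarization check and is a strong reason not to run an installer that arrived via a chat link; a "revoked" verdict means Apple has already pulled the certificate behind it.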

How to protect yourself from Realst



To safeguard against malware threats like "Realst," it's crucial to keep the operating system and all installed software updated, although in this case updating to macOS Sonoma will not be enough by itself.

Always be cautious when downloading software or files, especially if they're promoted through unsolicited messages or emails. Installing reputable antivirus and anti-malware software is advisable; keep it updated and run scans regularly.

Mac users are advised to be cautious with blockchain games, as the primary goal of this malware is to steal cryptocurrency wallets and the funds within them.


Comments

  • Reply 1 of 9
    ilarynx Posts: 103 member
    Oh, noes! Bad guys are out to steal my Crypto wallet? Are they different people from the bad guys trying to fill my Crypto wallet?

    What's next? Bad guys trying to steal my Monopoly money?

    "How to protect yourself"? Maybe not fall for Crypto scams in the first place? 

    In other news, anyone want to buy a Pet Rock?



  • Reply 2 of 9
    Open Terminal, cut and paste - if it runs nothing, nothing is there - no worries. They all hide in that place; if you want bulletproof, initialize the drive with Disk Utility (meaning erase everything), not fun. Paste in Terminal, this is for the test.
    /Applications/DetectX\ Swift.app/Contents/MacOS/DetectX\ Swift search -a

    Now you can replace Swift.app with any application. Just use that command. It can read
    /Applications/DetectX\ Messages.app/Contents/MacOS/DetectX\ Messages search -a
  • Reply 3 of 9
    AppleZulu Posts: 2,070 member
    One day we'll look back and laugh about that time when tech nerds accidentally started playing around with money laundering schemes used by the Russian mafia and various international drug cartels, while coke-addled Wall Street wannabes dumped all their money into it because they were sure it was the next big thing. Yeah, good times.
  • Reply 4 of 9
    auxio Posts: 2,744 member
    Weird bunch of reactions to this. The fact that they're targeting crypto wallets is immaterial. Once they get access to a machine via this attack vector, they could be targeting any number of things on your system (passwords, signed in accounts, etc).

    The real point here is to make sure people understand these kinds of risks when installing apps from sources other than the App Store. Even more so if the app is unsigned. It's unclear whether these apps are signed or not, but if they are, you can be sure Apple will be blacklisting whatever developer account was used to sign them (meaning the installers will stop working).

  • Reply 5 of 9
    mayfly Posts: 385 member
    Why on earth would a law-abiding, private citizen want anything to do with crypto? Isn't what happened with FTX and Coinbase enough to convince you that crypto is nothing but another variation of a Ponzi scheme? Ever hear of the Greater Fool Theory? You take your hard earned money, and get a wallet full of Bitcoins that are useless for legal purposes, and hope you can find a fool greater than you to buy them for more than you paid. And that's if the crook who sold them to you doesn't just install malware on your device and steal them from you, leaving your kids with no college fund.

    Good luck.
  • Reply 6 of 9
    mayfly said:
    Why on earth would a law-abiding, private citizen want anything to do with crypto? Isn't what happened with FTX and Coinbase enough to convince you that crypto is nothing but another variation of a Ponzi scheme? Ever hear of the Greater Fool Theory? You take your hard earned money, and get a wallet full of Bitcoins that are useless for legal purposes, and hope you can find a fool greater than you to buy them for more than you paid. And that's if the crook who sold them to you doesn't just install malware on your device and steal them from you, leaving your kids with no college fund.

    Good luck.

    I understand where your logic is coming from. But it is actually called the Blockchain, and it is a hard concept to get your mind around - it took me years. Currently it's under attack. If we don't get Fiat currency out, we will only see the same. We have never proposed to end Fiat currency. FTX - Coinbase were set up by deep states to undermine the Blockchain, and they are non-existent. It was a joke. You are your own Bank on Blockchain. That makes many people angry. But you have to buy a can of pop to get it done using Blockchain (to succeed). It's being blocked. The Banks are not happy. Government and Banks play Filthy. Incarceration hasn't stopped us.
  • Reply 7 of 9
    mayfly Posts: 385 member
    BiCC said:
    mayfly said:
    Why on earth would a law-abiding, private citizen want anything to do with crypto? Isn't what happened with FTX and Coinbase enough to convince you that crypto is nothing but another variation of a Ponzi scheme? Ever hear of the Greater Fool Theory? You take your hard earned money, and get a wallet full of Bitcoins that are useless for legal purposes, and hope you can find a fool greater than you to buy them for more than you paid. And that's if the crook who sold them to you doesn't just install malware on your device and steal them from you, leaving your kids with no college fund.

    Good luck.

    I understand where your logic is coming from. But it is actually called the Blockchain, and it is a hard concept to get your mind around - it took me years. Currently it's under attack. If we don't get Fiat currency out, we will only see the same. We have never proposed to end Fiat currency. FTX - Coinbase were set up by deep states to undermine the Blockchain, and they are non-existent. It was a joke. You are your own Bank on Blockchain. That makes many people angry. But you have to buy a can of pop to get it done using Blockchain (to succeed). It's being blocked. The Banks are not happy. Government and Banks play Filthy. Incarceration hasn't stopped us.
    I know what blockchain is. Epiq Angle published an article saying, "Since 2017, public data shows that hackers have stolen around $2 billion in blockchain cryptocurrency. This recent activity illustrates that blockchain is unfortunately not unhackable and users should still be cautious, especially when trading on exchanges." They also demonstrated how it's done:
  • Reply 8 of 9
    mayfly said:
    BiCC said:
    mayfly said:
    Why on earth would a law-abiding, private citizen want anything to do with crypto? Isn't what happened with FTX and Coinbase enough to convince you that crypto is nothing but another variation of a Ponzi scheme? Ever hear of the Greater Fool Theory? You take your hard earned money, and get a wallet full of Bitcoins that are useless for legal purposes, and hope you can find a fool greater than you to buy them for more than you paid. And that's if the crook who sold them to you doesn't just install malware on your device and steal them from you, leaving your kids with no college fund.

    Good luck.

    I understand where your logic is coming from. But it is actually called the Blockchain, and it is a hard concept to get your mind around - it took me years. Currently it's under attack. If we don't get Fiat currency out, we will only see the same. We have never proposed to end Fiat currency. FTX - Coinbase were set up by deep states to undermine the Blockchain, and they are non-existent. It was a joke. You are your own Bank on Blockchain. That makes many people angry. But you have to buy a can of pop to get it done using Blockchain (to succeed). It's being blocked. The Banks are not happy. Government and Banks play Filthy. Incarceration hasn't stopped us.
    I know what blockchain is. Epiq Angle published an article saying, "Since 2017, public data shows that hackers have stolen around $2 billion in blockchain cryptocurrency. This recent activity illustrates that blockchain is unfortunately not unhackable and users should still be cautious, especially when trading on exchanges." They also demonstrated how it's done:

    I FULLY agree. DO NOT change on exchanges. They are Jokes. Use a Hard Wallet. They would never know the amount, it was probably greater than $2 Billion so the article is inaccurate. It's not like robbing a bank where they know the amount to a penny. The entire hacking culture is about Jokes. Blockchain will prevail, but Rome was not built in a day. Blockchain is NOT being hacked, people are literally giving away money to a guy on the street. The only obstacle to Blockchain are the globalists, and it is a very tough fight; they will turn off the internet if they have to. We do have a moral code and are not hacking people. It's the deep state. I'm not mentally ill. Blockchain has gone after Banks but you will NOT see one report.
  • Reply 9 of 9
    Bitcoin is nothing more than a new-age fiat currency. Tulip bulbs, anyone? Stay far away from free games outside of a well-recognized app store (and be suspicious of apps from unknown developers, even on a well-known app store).