A new malware family threatens Apple macOS users called “Realst,” mainly focused on the forthcoming major release, macOS 14 Sonoma. This alarming discovery comes amid rising cyber threats targeting macOS.
The malware, programmed in Rust, is camouflaged as counterfeit blockchain games, with the potential to drain cryptocurrency wallets and snatch stored passwords and browser data from both Windows and macOS devices. The nefarious software was initially identified in the wild by a vigilant security researcher named iamdeadlyz.
Phil Stokes, a security expert at SentinelOne, revealed, “The Realst Infostealer is spread via deceptive websites promoting sham blockchain games such as Brawl Earth, WildWorld, and others. Disturbingly, every iteration of the counterfeit game even boasts its own website, Twitter, and Discord channels.”
With an analysis of 16 variants from 59 samples, SentinelOne detected probable connections to another info stealer campaign, Pureland, which surfaced this March. While Windows devices are getting targeted by the RedLine Stealer, macOS devices are the main target of Realst.
The modus operandi involves the culprits contacting potential victims directly via social media. As collaborators, they lure the victims to test a game, only to rob their cryptocurrency wallets and lift sensitive data upon execution.
A wide range of browsers, including Brave, Google Chrome, Mozilla Firefox, Opera, and Vivaldi, are on the hit list, while Apple Safari remains an exception. Stokes further elaborated that the malware can gather data from Telegram and even capture screenshots. “The extensive variation of Realst samples indicates a determined effort by the adversaries to exploit macOS users,” he added.
The revelation about Realst is on the heels of another discovery – SophosEncrypt, a trojan masquerading as the cybersecurity company Sophos.
This surge in malware activity underscores the increasingly lucrative dark web marketplace, where stolen data is traded for profit. As per Bitdefender reports, a staggering 200,000 OpenAI credentials were leaked via stealer logs in 2022 and 2023. Such breaches, especially of enterprise credentials, can pave the way for more profound cyber-attacks, leading to even more sinister activities like ransomware deployment.