A new malware family known as Realst is causing growing concern in the cybersecurity world. It primarily targets Apple macOS, and its presence has already been detected in a third of macOS 14 Sonoma samples, putting the operating system’s impending major release under threat.
New malware on the horizon
Written in Rust, the malware is distributed through sham blockchain games. It is capable not only of “draining crypto wallets” but also of “stealing stored password and browser data” on both Windows and macOS devices. Security researcher iamdeadlyz was the first to spot Realst in the wild.
“Fake blockchain games with names like Brawl Earth, Dawnland, and SaintLegend serve as the carriers of Realst Infostealer,” reports SentinelOne security researcher Phil Stokes. “Each of these counterfeit games has its own website along with associated Twitter and Discord accounts.”
Links to previous cyber threats
This activity appears to be connected to an earlier information-stealer campaign, Pureland, which surfaced in March. Windows devices, meanwhile, are falling prey to RedLine Stealer.
The fraudsters typically approach their victims through direct messages on social media, offering payment to test a game. Once the supposed game is run, the victim’s cryptocurrency wallets are drained and sensitive information is stolen.
Stealthy techniques and impacts
The malware harvests data from the Brave, Google Chrome, Firefox, Opera, and Vivaldi browsers, conspicuously leaving Apple Safari untouched. It also gathers information from Telegram and captures screenshots. Stokes explains, “The malware uses sophisticated methods, like osascript and AppleScript spoofing, to snatch the user’s password and ensures that the host device is not a virtual machine.”
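As an added illustration of how a defender might hunt for the behaviour Stokes describes (example code written for this article, not SentinelOne’s or the researcher’s tooling), the script below groups constructed process and file-access telemetry by root process and flags a process tree that combines an osascript password dialog, a hardware probe, and reads of browser or Telegram data stores by a process that does not own them. The telemetry field names, the “with hidden answer” dialog heuristic, the list of hardware-probe commands, the store paths (taken from the browsers’ standard macOS profile layouts) and the two-signal threshold are all assumptions, not details from the article.

```python
"""Added hunting example: flag macOS process trees showing the Realst-style
combination of a fake password prompt, a VM/hardware probe and browser or
Telegram data access. Schema and thresholds are assumptions."""
import re
from collections import defaultdict

# Constructed sample telemetry (not real captures). The schema is assumed and
# vendor-neutral: "exec" rows carry the command line, "file_open" rows the path.
SAMPLE_EVENTS = [
    {"type": "exec", "pid": 412, "ppid": 1, "image": "osascript",
     "cmd": "osascript /Users/dev/Library/Scripts/backup.scpt"},
    {"type": "exec", "pid": 9930, "ppid": 1, "image": "Brawl Earth",
     "cmd": "/Applications/Brawl Earth.app/Contents/MacOS/Brawl Earth"},
    {"type": "exec", "pid": 9931, "ppid": 9930, "image": "osascript",
     "cmd": "osascript -e 'display dialog \"macOS needs your password to continue\" "
            "default answer \"\" with hidden answer'"},
    {"type": "exec", "pid": 9934, "ppid": 9930, "image": "system_profiler",
     "cmd": "system_profiler SPHardwareDataType"},
    {"type": "file_open", "pid": 9930, "image": "Brawl Earth",
     "path": "/Users/dev/Library/Application Support/Google/Chrome/Default/Login Data"},
    {"type": "file_open", "pid": 9930, "image": "Brawl Earth",
     "path": "/Users/dev/Library/Application Support/Telegram Desktop/tdata/key_datas"},
    {"type": "file_open", "pid": 7001, "image": "Google Chrome",
     "path": "/Users/dev/Library/Application Support/Google/Chrome/Default/Login Data"},
]

# An AppleScript dialog that collects input "with hidden answer" is the usual way a
# script imitates a system password prompt; legitimate admin scripts rarely do this.
HIDDEN_ANSWER = re.compile(r"display dialog.*with hidden answer", re.I | re.S)

# Commands commonly used to read hardware identifiers (assumed heuristic). Weak on
# its own, but it adds weight when a game-like app spawns it alongside other signals.
VM_PROBES = {"system_profiler", "ioreg", "sysctl"}

# Sensitive stores and the applications that legitimately open them. Path fragments
# follow the browsers' standard macOS profile layouts; they are not from the article.
SENSITIVE_STORES = [
    ("Application Support/Google/Chrome/", "Chrome", {"Google Chrome"}),
    ("Application Support/BraveSoftware/Brave-Browser/", "Brave", {"Brave Browser"}),
    ("Application Support/Firefox/Profiles/", "Firefox", {"firefox"}),
    ("Application Support/com.operasoftware.Opera/", "Opera", {"Opera"}),
    ("Application Support/Vivaldi/", "Vivaldi", {"Vivaldi"}),
    ("Application Support/Telegram Desktop/tdata", "Telegram", {"Telegram"}),
]


def root_of(pid, parents):
    """Walk ppid links up to the top-most process we hold an exec record for."""
    seen = set()
    while pid not in seen and parents.get(pid) in parents:
        seen.add(pid)
        pid = parents[pid]
    return pid


def analyze(events):
    """Group behavioural signals by root process.

    Returns {root_pid: {"image": str, "signals": [sorted signal names]}} for
    every root that produced at least one signal.
    """
    parents = {e["pid"]: e["ppid"] for e in events if e["type"] == "exec"}
    findings = defaultdict(lambda: {"image": None, "signals": set()})
    for e in events:
        root = root_of(e["pid"], parents)
        entry = findings[root]
        if entry["image"] is None and e["pid"] == root:
            entry["image"] = e["image"]
        if e["type"] == "exec":
            if e["image"] == "osascript" and HIDDEN_ANSWER.search(e["cmd"]):
                entry["signals"].add("credential_prompt_spoof")
            elif e["image"] in VM_PROBES:
                entry["signals"].add("vm_check")
        elif e["type"] == "file_open":
            for fragment, label, owners in SENSITIVE_STORES:
                # The owning application reading its own store is normal; anything
                # else touching a password or session database is worth a signal.
                if fragment in e["path"] and e["image"] not in owners:
                    entry["signals"].add(f"store_access:{label}")
    return {pid: {"image": v["image"], "signals": sorted(v["signals"])}
            for pid, v in findings.items() if v["signals"]}


def suspicious(events, min_signals=2):
    """Root pids with at least `min_signals` distinct signal kinds (assumed threshold)."""
    return sorted(pid for pid, v in analyze(events).items()
                  if len(v["signals"]) >= min_signals)


if __name__ == "__main__":
    for pid, finding in analyze(SAMPLE_EVENTS).items():
        print(pid, finding["image"], finding["signals"])
    print("suspicious roots:", suspicious(SAMPLE_EVENTS))
```

On the constructed sample, the backup script that merely runs osascript and Chrome reading its own Login Data produce no signals; only the “Brawl Earth” tree, which shows all four behaviours, is reported. Requiring two independent signals before alerting keeps a lone hardware probe or a single AppleScript dialog from paging anyone.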
The growing number of Realst samples and variants is a clear sign that the threat actor is focusing heavily on macOS users, aiming to steal their data and crypto wallets.
Readers’ thoughts
What are your thoughts on this evolving cybersecurity threat? Are you worried about the Realst Infostealer? We would love to hear your views on this matter. Feel free to share your thoughts in the comments section below!