A new Mac malware was spotted and given the name "Realst." It is reportedly used mostly in campaigns that specifically target Apple computers, and some variants even target macOS 14 Sonoma, which was still in development at the time.
Malware Spotted Targeting macOS and Windows Users with Fake Blockchain Games
According to Bleeping Computer, the malware is distributed to Windows and macOS users in the form of fake blockchain games using names such as Brawl Earth, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, SaintLegend, and WildWorld. It is designed to steal from cryptocurrency wallet apps.
The malware was discovered by iamdeadlyz, a security researcher, who found that it was not exclusively targeting macOS users but also went after Windows users.
Fake Game Titles Promoted on Social Media, With Threat Actors Sharing Access Codes by Direct Message
These fake blockchain games are reportedly being promoted on social media. The threat actors then use direct messages to share access codes needed to download the fake game client from associated websites.
These access codes let the threat actors vet potential victims before they can download anything. They also help the threat actors keep the malicious client away from security researchers who want to expose its behavior.
RedLine Stealer Is for Windows, While Realst Malware Is for macOS
The game installers reportedly infect devices with information-stealing malware: RedLine Stealer on Windows and Realst on macOS.
This malware steals data from the user's web browsers and crypto wallet apps and then sends it back to the threat actors.
Realst Malware Analyzed and Found to Come With Distinct Differences for macOS
SentinelOne analyzed 59 Mach-O samples of the Realst malware, focusing on the macOS versions. The researchers found numerous differences between them, identifying 16 distinct macOS variants that were actively in use and showed signs of rapid development.
Users who visit the threat actor's site to download the fake game are reportedly served either the macOS or the Windows malware, depending on their operating system. On Windows the payload is typically RedLine Stealer, though other malware such as AsyncRAT and Raccoon Stealer has also been observed.
Malware Used the PKG Installers and DMG Disk Files
For Mac users, the sites distribute the Realst info-stealer through PKG installers. Potential victims also need to watch out for DMG disk images, which contain only the malicious Mach-O binaries, with no real game or decoy software inside.
The game.py file is reportedly a cross-platform Firefox info-stealer, while installer.py is chainbreaker. Chainbreaker is an open-source tool for parsing macOS keychain databases that can be used to retrieve clear-text versions of the user's internet account and other stored passwords.