A highly sophisticated Mac malware called “Realst” is at the center of a large-scale campaign aimed at Apple computers, including macOS 14 Sonoma, the upcoming OS version.
The malware, discovered by security researcher iamdeadlyz, is cleverly disguised as fake blockchain games such as Brawl Earth and WildWorld, distributed to both Windows and macOS users through social media channels. Access codes are shared via direct messages to target specific victims, while security researchers trying to uncover malicious behavior are kept at bay.
Once installed, the malware acts as an information-stealing agent, with different variants targeting Windows and macOS devices. Realst on macOS specifically infiltrates systems as PKG installers or DMG disk files, masquerading as game clients.
It cleverly steals sensitive data, including browser information and cryptocurrency wallet data, transmitting it back to the malicious actors.
SentinelOne’s analysis revealed 16 distinct variants of the Realst malware, pointing to ongoing and rapid development. The malware employs various tactics to obtain user passwords, including AppleScript spoofing and osascript tricks, while specifically targeting popular browsers like Firefox, Chrome, and Opera. Interestingly, the malware’s code already contains references to macOS 14 Sonoma, indicating that its creators are gearing up for compatibility with Apple’s forthcoming OS release.
Users are warned to exercise caution with blockchain games, as attackers exploit Discord channels and “verified” Twitter accounts to create an illusion of legitimacy. Since the primary target seems to be cryptocurrency users, the threat actors’ main objective is likely to steal valuable crypto wallets and their contents, leading to potentially devastating consequences for victims.
Mac users are urged to remain vigilant and take necessary precautions to safeguard their devices and sensitive information.