New Realst Mac malware, disguised as blockchain games, steals cryptocurrency wallets – Source: grahamcluley.com

Fake blockchain games, that are being actively promoted by cybercriminals on social media, are actually designed to infect the computers of unsuspecting Mac users with cryptocurrency-stealing malware.

Security researcher Iamdeadlyz was the first to describe how Web3 play-to-earn games with names such as “Brawl Earth”, “WildWorld”, “Dawnland”, “Destruction”, “Evolion”, “Pearl”, “Olymp of Reptiles”, and “SaintLegend” – have been aggressively promoted via websites, “verified” Twitter accounts, and Discord channels in the hunt for victims.

The attackers have even used private direct messages to intended targets, offering purported “access codes” allowing download of the fake games. In all likelihood, victims are being selected based upon their enthusiasm for all things cryptocurrency-related.

The latest version of the Mac malware, which has been named “Realst”, even works on the macOS 14 Sonoma, which hasn’t even been officially released yet – indicating that the threat continues to be actively developed by its creators.

Once installed, Realst steals information from victims’ Firefox, Chrome, Opera, Brave, and Vivaldi web browsers, as well as cryptocurrency wallets, and sends it back to the cybercriminals. At the time of writing, the Safari browser appears to not be targeted by the malware.

Security researchers at SentinelOne, who have also examined the Realst malware, say that they have identified 16 distinct variants of the threat for macOS.

A Windows version of the malware, known as “RedLine Stealer”, has also been distributed.

Clearly the perpetrators of this malware campaign are banking on investor’s enthusiasm to earn free cryptocurrency over-riding their common-sense.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.