Even the new macOS Sonoma update isn’t safe from malware


Protect Your Access to the Internet

New Mac malware targets cryptocurrency wallets

A recently discovered Mac malware, known as “Realst,” is currently employed in a large-scale campaign to steal cryptocurrency wallets — and even targets the still-developing macOS Sonoma.

Security researcher iamdeadlyz uncovered the malware, which is being distributed to both Windows and macOS users disguised as fake blockchain games. The malicious software adopts deceptive names like Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend.

The attackers promote these games on social media platforms, distributing access codes through direct messages to enable users to download the fake game client from linked websites.

The game installers are designed to infect devices with information-stealing malware. It includes RedLine Stealer on Windows, and on macOS, it installs Realst.

This malicious software is programmed to extract data from the victim’s web browsers and cryptocurrency wallet applications, sending the stolen information back to the people behind the campaign.

Realst malware

SentinelOne, a cybersecurity firm, analyzed 59 samples of the Realst malware and identified 16 distinct variants, indicating active and rapid development. The malware targets various browsers and the Telegram app but doesn’t target Safari.

Malware variants are categorized into four main families based on their traits. They use different techniques to trick users into providing their passwords, which are then used to steal data.

Specific strings in the malware code suggest that its authors are preparing for the upcoming macOS 14 Sonoma release. Mac users visiting these malicious websites will encounter the distribution of Realst info-stealing malware.

The malware targets Mac devices and is disguised as PKG installers or DMG disk files. These files contain malicious Mach-O files but don’t include any genuine games or other decoy software.

SentinelOne’s investigation revealed that certain samples of the malware are codesigned using legitimate, but now invalidated, Apple…