A newly identified malware, dubbed “Realst,” is posing a significant threat to Apple macOS users, including those on the upcoming macOS 14 Sonoma. The malware is being propagated through counterfeit blockchain games, luring victims into downloading them and unknowingly exposing themselves to data theft.
The games infected with Realst malware, such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend, are being promoted on malicious websites and social media platforms like Twitter. Each game is accompanied by its own Discord and Twitter accounts, which adds a sense of legitimacy and has, unfortunately, led to some users becoming victims.
The modus operandi of Realst
Realst, written in the emerging programming language Rust, operates silently in the background of compromised macOS devices. It scrapes web browser data, including stored passwords, and sends it back to the threat actors. It targets popular web browsers such as Firefox, Chrome, Opera, Brave, and Vivaldi, but does not target Safari. One of the most alarming consequences of infection is that Realst can empty cryptocurrency wallets within minutes. Some variants of the malware are already targeting macOS 14 Sonoma, which is set to be released in the fall. The malware’s code mentions Sonoma multiple times, indicating that the author intends to remain active until the public release of Apple’s latest macOS version.
Protective measures and recommendations
To protect against Realst and other malware, users are advised to install apps only from the official Mac App Store, verify links before opening them, use strong passwords and enable two-step authentication, exercise caution when granting permissions on their Mac, and keep their devices and applications up to date. SentinelOne, a security firm, has provided a thorough checkup guide for users who suspect their Mac may be infected with malware. It is crucial to stay vigilant and take necessary precautions to safeguard against cyber threats like Realst.
While SentinelOne’s security solution can detect and prevent all known variants of Realst, users and security teams are urged to remain vigilant as Apple’s malware blocking service ‘XProtect’ does not appear to currently prevent execution of this malware. Given the rising popularity of blockchain games promising financial rewards, users are advised to exercise extreme caution when encountering solicitations to download and run such games.