Rising Threat: Realst Infostealer Hiding in Fake Blockchain Games

Realst, a new malware infostealer targeting macOS users, is being distributed through fake blockchain games, posing a significant threat to crypto wallets and data security, according to a blog post from security firm SentinelOne. 

The Deets

• Realst: A newly discovered macOS malware
• Delivery: Through malicious websites offering fake blockchain games
• Victims: macOS users, including upcoming macOS 14 Sonoma
• Risk: Data theft, including crypto wallets and stored passwords

The Bulk

In an elaborate scheme to compromise data security, cybercriminals have been distributing Realst, a new malware infostealer, through deceptive blockchain games. Realst, specifically designed to target macOS users, was reported earlier this month by security researcher iamdeadlyz. Our in-depth analysis has now found 59 malicious Mach-O samples of Realst malware, with some variants even targeting Apple's upcoming macOS 14 Sonoma.

The fake blockchain games, including Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend, are hosted on separate websites with dedicated Twitter and Discord accounts. These games serve as the facade for Realst distribution. The malicious actors behind these operations were observed reaching out to potential victims through direct messages on social media.

Notably, Realst is distributed via a .pkg installer, which contains a malicious Mach-O and three scripts. One script, a copy of the open-source project chainbreaker, is leveraged to extract passwords, keys, and certificates from the macOS keychain database, potentially leading to significant data breaches.

🎬 Take Action

For macOS users, particularly those engaging with blockchain games, it's crucial to be vigilant. Check the source of any game or application you download and be wary of unsolicited messages pushing you to try new games. Stay safe!

For more web3 and NFT news, visit the Lucky Trader newsfeed.