Cryptocurrency wallets targeted by novel Realst macOS malware

BleepingComputer reports that Apple macOS users have been targeted by a widespread campaign leveraging fraudulent blockchain games to distribute the new Realst information-stealing malware, which has cryptocurrency wallet exfiltration capabilities. Attackers spread the Realst infostealer through PKG installers or DMG disk files for the fake games, including Brawl Earth, Evolion, SaintLegend, and WildWorld, which contain a cross-platform Firefox stealer and open-source macOS keychain database extractor, according to a SentinelOne report. Different API call sets are being used by 16 of the discovered Realst variants, all of which have Chrome, Firefox, Opera, Vivaldi, Brave, and Telegram app-targeting capabilities. Researchers have also classified the variants into four families, the most common of which is Family A, which entailed the use of AppleScript spoofing. Password spoofing was also used by Family B, which had smaller relevant strings. Moreover, data extraction from the keychain database is enabled by Family C, while Family D leverages the Terminal window to lure password entry. The findings also showed that the upcoming macOS 14 Sonoma could be targeted by nearly 30% of A, B, and D malware samples.