Market Capital Research Advisory: Realst Malware, A Growing Threat to Mac and Windows Users

A new and dangerous form of malware has emerged, targeting both macOS and Windows users. The insidious nature of this malware, known as Realst, poses a particularly high risk to Apple computer owners. Disguised as fake blockchain games, Realst spreads through social media promotions and direct messages, luring unsuspecting victims into its trap.

Once users fall for the deception and access the threat actor’s website using the provided access codes, their devices become vulnerable to attack. Realst demonstrates its destructive intentions by clandestinely stealing sensitive data from web browsers and cryptocurrency wallet apps, endangering both personal information and valuable digital assets.

Originally believed to exclusively target macOS users, Realst has expanded its reach to Windows users as well. On Windows workstations it also introduces other malicious software, such as RedLine Stealer, AsyncRAT, and Raccoon Stealer, which makes the infection harder to detect and combat.

Cybersecurity organization SentinelOne conducted an in-depth examination of Realst, analyzing 59 “Mach-O” samples. Their findings reveal a range of active macOS variants, all indicating rapid development and evolution. This constant evolution of the malware adds to the complexity of tracking and effectively countering its impact.

Realst spreads its infection through deceptive PKG installers and DMG disk files specifically designed to mimic legitimate games or other legitimate software. Once implanted, the malware gains unauthorized access to personal data and digital wallets, leaving victims vulnerable to data theft and exploitation.

One alarming element of Realst is the presence of a cross-platform Firefox information stealer known as “game.py.” This script efficiently extracts sensitive data from users’ web browsers, providing threat actors with a wealth of exploitable information.

Furthermore, Realst utilizes “chainbreaker,” an open-source tool for reading the macOS keychain database, to extract stored passwords and internet account credentials in clear text format, greatly intensifying the risk to victims.

The primary motivation driving these attacks is the desire to steal cryptocurrencies. With the increasing popularity and value of digital assets, unaware users become tempting targets for hostile actors.

Experts strongly emphasize the importance of exercising caution when installing software from unknown sources, especially through social media adverts and direct messages, as malware continuously adapts and spreads. To maintain safety, users must rely solely on official app stores and verified websites for their software needs.

As the Realst malware continues to grow in complexity and reach, users must remain vigilant and take precautions to protect themselves against this malicious menace. By adhering to proper safety measures and raising awareness about the threat posed by Realst, users can better safeguard their personal data and digital assets from these insidious attacks.

Disclaimer: The information provided in this research report is for informational purposes only and should not be interpreted as financial or investment advice. The NFT and cryptocurrency market is highly volatile, and readers should conduct thorough research before making any investment decisions.
