Realst malware threatens crypto wallets on Mac and Windows

New malware 'Realst' targets crypto wallets on Mac and Windows, disguising itself as one of many blockchain games.

An image showing a thief running with a bag full of crypto

In the dynamic and often unpredictable world of digital currencies, a new adversary has emerged from the shadows, posing a significant threat to the security of cryptocurrency wallets. This malicious software, known as "Realst," is causing a stir among Mac and Windows users, employing an array of sophisticated techniques to steal data from unsuspecting victims.

The realm of cybercrime is constantly evolving, with hackers perpetually seeking innovative ways to exploit vulnerabilities. As governments worldwide grapple with the increasing prevalence of cybercrime in the crypto space, these digital outlaws are ceaselessly devising new strategies to breach security measures. Recently, we reported on a few significant fraudulent activities. One of them was a $60 million crypto heist targeting Alphapo, with the infamous Lazarus Group being the primary suspect source. This incident underscores the increasing sophistication of cybercriminals and the urgent need for robust security measures in the crypto space.

The spotlight is now on Realst, a new threat to crypto wallets, identified by the vigilant security researcher iamdeadlyz on July 6th. This malware is not your run-of-the-mill cyber threat. It spreads its tentacles through counterfeit blockchain games, using social media platforms as a launchpad to promote these games and share access codes for downloading. These codes then serve as a Trojan horse, providing a gateway to victims' wallets and effectively bypassing security measures.

The Realst malware is a digital chameleon, seamlessly adapting to both Windows and Mac environments. It distributes data-stealing malware, such as RedLine Stealer on Windows and Realst on macOS, which extracts data from web browsers and cryptocurrency wallets. SentinelOne's meticulous analysis of 59 Mach-O samples of Realst revealed 16 distinct variants, underscoring the malware's active development and the constant evolution of its nefarious techniques.

These variants, neatly categorized into families A, B, C, and D, employ different techniques to gain unauthorized access to user information. They exploit vulnerabilities in browsers and cryptocurrency wallet apps, with macOS 14 Sonoma being a prime target. This indicates the ongoing and rapid development of the threat, suggesting that the malware is continually adapting to counter-security measures.

The malware's modus operandi involves luring Windows and macOS users into downloading fake blockchain games like Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend. Unbeknownst to the users, the Realst info-stealing malware comes bundled with these games in the form of PKG or DMG files, making it a wolf in sheep's clothing.

The malware uses "" and "" files to steal data, compromising web browsers and cryptocurrency wallets. It's unclear if simply removing these files would effectively neutralize the threat. As such, the best defense against this multifaceted danger is due diligence and thorough research into new blockchain games before downloading. It's a classic case of 'look before you leap.'

SentinelOne discovered that some samples are code signed using valid (now revoked) Apple Developer IDs or ad-hoc signatures, enabling them to evade detection by security tools. This is a testament to the malware's cunning and adaptability. The malware's active development and preparation for macOS 14 Sonoma suggest potential future attacks, indicating that the threat is far from over.

According to iamdeadlyz, the malware is part of a massive campaign targeting Windows and macOS users. The capability of this malware to extract data from cryptocurrency wallets and web browsers presents a significant threat to the financial security and privacy of users. This is not just a threat; it's a full-blown assault on digital privacy and financial security.

In the grand scheme of things, the emergence of Realst is a stark reminder of the inherent risks associated with digital currencies. It underscores the importance of maintaining robust security measures and staying informed about the latest threats. As the saying goes, 'forewarned is forearmed.' In the face of such threats, knowledge and preparedness are your best allies. Stay safe, crypto enthusiasts!