In the rapidly evolving world of blockchain and cryptocurrency, a new threat has emerged that targets the enthusiasm of Mac users. Cybercriminals are actively promoting counterfeit blockchain games on social media platforms, with a sinister motive: to infect computers with cryptocurrency-stealing malware. The first to bring this issue to light was security researcher Iamdeadlyz, who detailed how these so-called Web3 play-to-earn games are being aggressively marketed. Games with enticing names like “Brawl Earth”, “WildWorld”, “Dawnland”, “Destruction”, “Evolion”, “Pearl”, “Olymp of Reptiles”, and “SaintLegend” are being pushed via websites, Twitter accounts, and Discord channels.
The cybercriminals behind this scheme are not just casting a wide net; they’re also using private direct messages to lure in potential victims, offering them “access codes” to download these fraudulent games. The victims are likely chosen based on their keen interest in cryptocurrency, making them susceptible to such scams.
The malware, named “Realst”, already works on macOS 14 Sonoma, a version of the operating system that hasn’t even been officially released yet. This indicates that the threat is being actively developed and updated by its creators. Once installed, Realst steals information from various web browsers including Firefox, Chrome, Opera, Brave, and Vivaldi. It also targets cryptocurrency wallets and sends the stolen information back to the cybercriminals.
At the time of reporting, the Safari browser appears to be unaffected by this malware. The security team at SentinelOne, which has also been studying the Realst malware, has identified 16 distinct variants of the threat specifically for macOS. A Windows version of the malware, known as “RedLine Stealer”, has also been found. The perpetrators of this malware campaign are clearly exploiting the enthusiasm of investors eager to earn free cryptocurrency, hoping that their excitement will override their common sense.