#RealstInfostealer
osintelligence · 1 year
https://bit.ly/450kuxE - 🛡️ A recent cybersecurity analysis highlighted a surge in "Realst" infostealer malware attacks, specifically targeting macOS devices. The malware, hidden within fake blockchain games, is designed to extract cryptocurrency wallet data and browser passwords. Notably, the campaign seems prepared for the upcoming macOS 14 Sonoma release. #CyberSecurity #MacOS #Malware #RealstInfostealer

🕹️ The distribution strategy of Realst involves numerous malicious websites advertising illegitimate blockchain games, each with associated social media accounts. Potential victims are contacted directly via social media and tricked into installing the infostealer under the guise of a game. #CyberThreat #SocialEngineering

📦 The infostealer is primarily distributed through malicious .pkg installers containing a trio of scripts: a Firefox infostealer, a password extractor, and an uninstaller. Surprisingly, the uninstaller was found to be non-malicious. #CyberAttack

🚀 Other versions of the Realst stealer come packaged within applications delivered as .dmg disk images. Some malware samples were even code-signed with an Apple Developer ID, which has since been revoked. However, ad-hoc code-signed samples will continue to launch, since an ad-hoc signature carries no certificate that Apple can revoke remotely. #AppleSecurity #CodeSigning

💻 From a behavior standpoint, Realst samples appear similar across variants and exfiltrate key user data. Targeted browsers include Firefox, Chrome, Opera, Brave, and Vivaldi, with Safari notably absent. The Telegram app also seems to be on the hit list. #BrowserSecurity #DataExfiltration

🔍 Analysis identified 16 variants of Realst across 59 samples, classified into four major families (A, B, C, and D). Each variant uses its own tactics, but the main goal remains the same: stealing users' data and credentials. About a third of the samples are prepped for macOS 14 Sonoma. #MalwareAnalysis

🚨 The effort invested in the Realst campaign, the creation of fake game sites, and the use of social engineering indicate a serious threat targeting macOS users for data and crypto wallet theft. As blockchain games rise in popularity, users and security teams must exercise extreme caution when downloading and running such games.
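The code-signing point above (revoked Developer ID versus ad-hoc signatures that keep launching) is the kind of thing a triage script can surface quickly. The following is an added example, not code from the original post or the referenced analysis: it parses the output of `codesign -dv --verbose=4 <path>` (which macOS writes to stderr) and classifies the binary as unsigned, ad-hoc signed, or Developer ID signed. The sample outputs, paths and team identifier are constructed placeholders.

```python
# Triage helper: classify a macOS binary from `codesign -dv --verbose=4` output.
# The three sample outputs below are constructed; the team id is a placeholder.

ADHOC_SAMPLE = """\
Executable=/Volumes/Game/Game.app/Contents/MacOS/game
Identifier=game
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+7 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""

DEVID_SAMPLE = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=2345 flags=0x10000(runtime) hashes=60+7 location=embedded
Signature size=8987
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
"""

UNSIGNED_SAMPLE = "/tmp/game: code object is not signed at all\n"


def classify_signature(codesign_output: str) -> dict:
    """Return signing kind, team id and a triage verdict for one binary."""
    if "code object is not signed at all" in codesign_output:
        return {"kind": "unsigned", "team_id": None,
                "verdict": "no signature at all; untrusted"}
    fields, authorities = {}, []
    for line in codesign_output.splitlines():
        key, _, value = line.partition("=")   # "Authority" may repeat (cert chain)
        if key == "Authority":
            authorities.append(value)
        else:
            fields[key] = value
    team = fields.get("TeamIdentifier")
    team = None if team in (None, "not set") else team
    # Ad-hoc: "Signature=adhoc" and the "(adhoc)" flag on the CodeDirectory line.
    adhoc = fields.get("Signature") == "adhoc" or "(adhoc)" in codesign_output
    if adhoc:
        return {"kind": "adhoc", "team_id": team,
                "verdict": "ad-hoc signature: no certificate to revoke, keeps launching; untrusted"}
    if any(a.startswith("Developer ID Application:") for a in authorities):
        return {"kind": "developer-id", "team_id": team,
                "verdict": "Developer ID: confirm revocation on the host with spctl --assess"}
    return {"kind": "other", "team_id": team, "verdict": "review Authority chain"}
```

On a live host, feed the function the stderr of `codesign -dv --verbose=4` for each suspect binary; the team identifier from Developer ID samples is a useful pivot when hunting related samples.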