Hackers Target macOS With New P2E Crypto-Stealing Malware

Hackers are eyeing macOS devices to steal crypto through new malware called Realst.

Play-to-earn games have come into the limelight because users can earn money by playing them. However, bad actors have been riding the hype to steal users’ crypto.

macOS Devices Infected Through Web3 Games

SentinelOne identified at least 16 variants of the crypto malware Realst by scanning around 59 samples. Some of the variants are capable of targeting the latest macOS 14 Sonoma.

Crypto malware Realst is written in the Rust programming language and can steal sensitive information such as passwords or even private keys of the cryptocurrency

The SentinelOne report mentions that the hackers install the crypto malware Realst through fake Web3 games, such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend. Then the malicious actors went one step further, creating social media handles and websites for the fake games. 

Screenshot of fake Web3 game’s handle.

How Does the Malware Work?

The hackers ask the victims to install the game, but the folder contains a game.py file. That particular file steals information from users’ devices. Another installer.py file steals information from iCloud Keychain, such as passwords and private keys.

Screenshot from SentinelOne highlighting the malicious files

One of the victims of the crypto malware Realst described on X how hackers drained their wallets within 10 minutes of downloading the Brawl Earth game. They wrote:

“Project look serious, plenty of docs, Twitter with followers, Discord with hundreds of users. Before the meeting I decide to test it, there is a real playable game.”

The Brawl Earth team invited the victim for a call. But during the call, the team member deleted all the conversations and blocked the victim. Soon the victim realized that Brawl Earth had drained their crypto wallet.

Apple devices have recently been targeted often by hackers through various methods. On Tuesday, BeInCrypto discussed a new crypto phishing attack compromising the two-factor authentication on Apple devices.

In April, Apple rolled out an urgent software update after discovering a critical vulnerability that allowed hackers to do almost anything, even steal crypto from victims’ devices. MetaMask often warns users to be aware of phishing and the risks of backing up their wallet data on iCloud.

The cybersecurity company Kaspersky’s data shows that crypto phishing scams increased by 40% year-on-year between 2021 and 2022. Ideally, users should store seed phrases or passwords offline, away from their devices, to reduce the risk of losing the data to hackers.
