
“Unprecedented Attack Wave: Mac Users Beware as Cybercriminals Target Cryptocurrency Wallets and Data”


macOS Users Warned of Fake Blockchain Games Hosting Information Stealer

Users of macOS devices are being advised to exercise caution when downloading and using free blockchain games, in light of a recent threat campaign that targets these users. The games, including titles such as Brawl Earth, WildWorld, Evolion, Pearl, SaintLegend, and Olymp of Reptiles, are in fact a form of information stealer named Realst. Security firm SentinelOne has detected 59 samples of Realst and identified 16 variants within this dataset. The threat actor behind the campaign appears to be targeting macOS 14 Sonoma, which is still in beta testing. Some of the samples were digitally signed with an Apple Developer ID, which has since been revoked. SentinelOne has linked the Realst infostealer campaign to another infostealer called PureLand, which targeted seven types of data from macOS users.

Realst Steals Cryptocurrency Wallets and Browser Data

Users who downloaded the fake blockchain games have had their cryptocurrency wallets drained and their stored passwords and browser data stolen. The sheer number of Realst samples and variants indicates a significant effort on the part of the threat actor to target macOS users for crypto wallet and data theft. Realst and PureLand are not the only macOS infostealers that have recently emerged. Another infostealer called ShadowVault has been made available for rent in an underground forum; it collects a wide range of data, including login credentials, financial data, personally identifiable information (PII), and seed phrases for cryptocurrency wallet recovery and restoration.

Enterprises at Risk

While the Realst campaign may seem primarily focused on individual consumers, enterprise organizations can also become collateral victims. An enterprise can be impacted if employees are enticed by the lure of the fake blockchain games and download them without pre-approval from IT or security teams. Several malicious components of the Realst infostealer are not currently blocked by Apple’s XProtect service, and versions signed with an Apple Developer ID are able to pass Gatekeeper and code signing checks. Therefore, enterprises must ensure that their security measures include protection against these types of threats.

Targeted Platforms and Avenues of Attack

The Realst campaign targets a variety of browsers, including Chrome, Brave, Opera, OperaGX, Firefox, and Vivaldi. It also focuses on popular cryptocurrency wallets and browser extensions, such as Binance Wallet, Trust Wallet, Metamask, Martian Wallet, and TronLink. Additionally, the malware targets the Telegram messaging app. The threat actors have gone to great lengths to make the fake blockchain games appear authentic. They have set up malicious websites for each game and created Discord and X (formerly known as Twitter) accounts to further the illusion. Potential victims have been contacted through direct messages on social media, often being invited to become paid testers for the games. Unfortunately, many individuals who fell for these lures found themselves becoming victims of theft.
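For defenders, the target list above maps to a simple detection rule: alert when a process other than the owning application reads that application's profile data. The sketch below is an added example, not code from SentinelOne or this article; the event format, the profile directories, the owner process names, and the `game_tester` process are all assumptions constructed for illustration.

```python
import posixpath

# Constructed for illustration: labels follow the article's target list; the
# directories (relative to a user's home) and owner process names are assumptions.
AS = "Library/Application Support"
PROTECTED = [
    ("Chrome",   f"{AS}/Google/Chrome",               {"Google Chrome"}),
    ("Brave",    f"{AS}/BraveSoftware/Brave-Browser", {"Brave Browser"}),
    ("Opera",    f"{AS}/com.operasoftware.Opera",     {"Opera"}),
    ("OperaGX",  f"{AS}/com.operasoftware.OperaGX",   {"Opera GX"}),
    ("Firefox",  f"{AS}/Firefox/Profiles",            {"firefox"}),
    ("Vivaldi",  f"{AS}/Vivaldi",                     {"Vivaldi"}),
    ("Telegram", f"{AS}/Telegram Desktop",            {"Telegram"}),
]

def relative_to_home(path):
    """Normalize the path (collapsing '..') and return it relative to /Users/<name>/."""
    parts = posixpath.normpath(path).split("/")
    if len(parts) > 3 and parts[0] == "" and parts[1] == "Users":
        return "/".join(parts[3:])
    return None  # not inside a user's home directory

def suspicious_reads(events):
    """Return (process, app, path) for each read of a protected profile by a non-owner."""
    hits = []
    for ev in events:
        rel = relative_to_home(ev["path"])
        if rel is None:
            continue
        for app, root, owners in PROTECTED:
            # root + "/" keeps the Opera rule from also matching the OperaGX directory
            inside = rel == root or rel.startswith(root + "/")
            if inside and ev["process"] not in owners:
                hits.append((ev["process"], app, ev["path"]))
    return hits

# Constructed file-read events, e.g. as exported from an endpoint sensor.
HOME = "/Users/alice"
SAMPLE_EVENTS = [
    {"process": "Google Chrome", "path": f"{HOME}/{AS}/Google/Chrome/Default/Login Data"},
    {"process": "game_tester", "path": f"{HOME}/{AS}/Google/Chrome/Default/Login Data"},
    {"process": "game_tester", "path": f"{HOME}/Documents/../{AS}/Vivaldi/Default/Cookies"},
    {"process": "game_tester", "path": f"{HOME}/{AS}/Telegram Desktop/tdata/key_datas"},
    {"process": "firefox", "path": f"{HOME}/{AS}/Firefox/Profiles/abc.default/logins.json"},
    {"process": "mdworker", "path": f"{HOME}/Documents/report.pdf"},
]

if __name__ == "__main__":
    for process, app, path in suspicious_reads(SAMPLE_EVENTS):
        print(f"ALERT {process} read {app} data: {path}")
```

In production, the owner sets should be keyed on the code-signing identity of the reading process rather than its name, since a process name is trivially chosen by whoever ships the binary.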

Protecting Against Threats

The rise of threats targeting macOS users highlights the need for individuals and enterprises to prioritize internet security. When downloading games or any software, it is crucial to verify their authenticity and legitimacy. Users should exercise caution when approached through social media platforms by unknown individuals promoting free games.

For macOS users, it is recommended to regularly update the operating system, browser, and security software to the latest versions. This ensures that known vulnerabilities are patched, reducing the risk of exploitation by threat actors. Enabling Apple’s XProtect service can provide an additional layer of protection against known threats. However, it is important to note that XProtect may not block all malicious components of the Realst infostealer, as mentioned by SentinelOne. Users should complement these measures with third-party antivirus and anti-malware software to enhance their overall security posture.

Conclusion

The Realst infostealer campaign targeting macOS users serves as a reminder of the constant threat posed by cybercriminals. As technology continues to evolve, so do their tactics. It is crucial for individuals and enterprises to remain vigilant and stay informed about emerging threats. By following cybersecurity best practices, such as verifying the authenticity of downloads and keeping software up to date, users can better protect themselves from falling victim to information stealers and other forms of cyberattacks.

Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of the New York Times.
