New malware aims to steal Apple users' crypto via fake blockchain games

Quick Take

  • Security researchers have issued warnings on new malware targeting Apple macOS systems aimed at stealing crypto assets.
  • The malware spreads through fake blockchain games, enticing victims to download them and unknowingly expose themselves to theft.

Security researchers have identified a new malware called Realst, exposing Apple macOS users to the potential theft of crypto assets and sensitive information.

The malware is distributed via malicious websites promoting fake blockchain games, web3 security firm SlowMist warned — pointing to a blog post from cybersecurity company SentinelOne. Security researcher "iamdeadlyz" initially reported on fake blockchain games being used to infect systems earlier this month.

Realst spreads through games, including Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles and SaintLegend. Each fake game version has its own website, Twitter and Discord accounts — creating the illusion of authenticity to trick unsuspecting victims, SentinelOne threat researcher Phil Stokes said in the post.

Written in Rust, the malware attempts to deceive victims through AppleScript spoofing — presenting password request dialog boxes with hidden answers to capture passwords. Sometimes, it also uses Chainbreaker, an open-source project to extract passwords, keys and certificates from macOS keychain databases.

“As soon as the victim launches these fake games and provides the ‘installer’ with a password, their data, passwords and crypto wallets are stolen,” Stokes added.

The malware authors also appear to be testing their creation's behavior on Apple's upcoming macOS 14 Sonoma version, with around one-third of the identified Realst samples targeting the release, Stokes said. 

Apple users are urged to remain vigilant

While SentinelOne's security solution can detect and prevent all known variants of Realst, Stokes added, he urged users and security teams to remain vigilant as “Apple’s malware blocking service ‘XProtect’ does not appear to [currently] prevent execution of this malware.”

Given the rising popularity of blockchain games promising financial rewards, Stokes advised users to exercise extreme caution when encountering solicitations to download and run such games.

Apple did not immediately respond to a request for comment from The Block.

Updated to credit initial reports from "iamdeadlyz."

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.