New malware aims to steal Apple users' crypto via fake blockchain games

Quick Take

  • Security researchers have issued warnings on new malware targeting Apple macOS systems aimed at stealing crypto assets.
  • The malware spreads through fake blockchain games, enticing victims to download them and unknowingly expose themselves to theft.

Security researchers have identified a new malware called Realst, exposing Apple macOS users to the potential theft of crypto assets and sensitive information.

The malware is distributed via malicious websites promoting fake blockchain games, web3 security firm SlowMist warned — pointing to a blog post from cybersecurity company SentinelOne. Security researcher "iamdeadlyz" initially reported on fake blockchain games being used to infect systems earlier this month.

Realst spreads through games, including Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles and SaintLegend. Each fake game version has its own website, Twitter and Discord accounts — creating the illusion of authenticity to trick unsuspecting victims, SentinelOne threat researcher Phil Stokes said in the post.

Written in Rust, the malware attempts to deceive victims through AppleScript spoofing — presenting password request dialog boxes with hidden answers to capture passwords. Sometimes, it also uses Chainbreaker, an open-source tool for extracting passwords, keys and certificates from macOS keychain databases.

“As soon as the victim launches these fake games and provides the ‘installer’ with a password, their data, passwords and crypto wallets are stolen,” Stokes added.
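A defender-side sketch of how the AppleScript password prompt described above can be spotted in process-execution telemetry; this is an added example, not code from SentinelOne or the original article. The event fields, parent paths and sample command lines are constructed, and the list of user-writable paths is an assumption.

```python
import re
import shlex

# AppleScript ignores case and extra whitespace, so the patterns do too.
DIALOG = re.compile(r"display\s+dialog", re.I)
HIDDEN = re.compile(r"with\s+hidden\s+answer|hidden\s+answer\s+true", re.I)
# Assumption: locations a downloaded "installer" commonly runs from.
USER_PATHS = ("/Volumes/", "/Users/", "/private/tmp/", "/tmp/")

def inline_script(cmdline):
    """Join every -e fragment of an osascript command line into one script."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: keep the raw text
        return cmdline if "osascript" in cmdline else ""
    if not argv or not argv[0].endswith("osascript"):
        return ""
    return "\n".join(argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-e")

def classify(event):
    """Return 'high', 'review' or None for one process-execution event."""
    script = inline_script(event["cmdline"])
    if not (DIALOG.search(script) and HIDDEN.search(script)):
        return None
    # Hidden-answer prompts also appear in legitimate admin scripts; a parent
    # running from a user-writable location is what raises the priority.
    if event["parent"].startswith(USER_PATHS):
        return "high"
    return "review"

# Constructed sample events (hypothetical paths, not real Realst telemetry).
EVENTS = [
    {"parent": "/Volumes/GameInstaller/Game.app/Contents/MacOS/game",
     "cmdline": "osascript -e 'display dialog \"Enter your password\" "
                "default answer \"\" with hidden answer'"},
    {"parent": "/usr/local/bin/it-enroll.sh",
     "cmdline": "/usr/bin/osascript -e 'display dialog \"VPN PIN\" "
                "default answer \"\" hidden answer true'"},
    {"parent": "/Users/alice/Downloads/notes.app/Contents/MacOS/notes",
     "cmdline": "osascript -e 'display dialog \"Saved.\"'"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(classify(ev), "<-", ev["parent"])
```

A "review" result is a prompt for triage rather than a verdict, since legitimate tooling can request secrets the same way.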

The malware authors also appear to be testing their creation's behavior on Apple's upcoming macOS 14 Sonoma version, with around one-third of the identified Realst samples targeting the release, Stokes said. 

Apple users are urged to remain vigilant

While SentinelOne's security solution can detect and prevent all known variants of Realst, Stokes added, he urged users and security teams to remain vigilant as “Apple’s malware blocking service ‘XProtect’ does not appear to [currently] prevent execution of this malware.”

Given the rising popularity of blockchain games promising financial rewards, Stokes advised users to exercise extreme caution when encountering solicitations to download and run such games.

Apple did not immediately respond to a request for comment from The Block.

Updated to credit initial reports from "iamdeadlyz."


© 2023 The Block. All Rights Reserved.

About Author

James Hunt is a reporter at The Block, based in the UK. As the writer behind The Daily newsletter, James also keeps you up to speed on the latest crypto news every weekday. Prior to joining The Block in 2022, James spent four years as a freelance writer in the industry, contributing to both publications and crypto project content. James’ coverage spans everything from Bitcoin and Ethereum to Layer 2 scaling solutions, avant-garde DeFi protocols, evolving DAO governance structures, trending NFTs and memecoins, regulatory landscapes, crypto company deals and the latest market updates.

Editor

Adam James