Hackers are using the Realst crypto malware to steal cryptocurrency from macOS devices via fake Web3 games such as Brawl Earth and WildWorld. The malware, written in Rust, can steal sensitive information such as wallet passwords or crypto wallet private keys. Cybersecurity firm Kaspersky reports a 40% year-over-year increase in crypto phishing scams between 2021 and 2022, and users are advised to store seed phrases and passwords offline.

Hackers target macOS devices to steal crypto via a new malware called Realst.

Web 3.0 Play-To-Earn games have come into the spotlight because users can earn money by playing games. However, bad actors have been taking advantage of the hype to steal users’ cryptocurrencies.

macOS Devices Infected Through Web 3.0 Games

SentinelOne identified at least 16 variants of the Realst crypto malware by scanning around 59 samples. Some of the variants are capable of targeting the latest macOS 14 Sonoma.

The Realst crypto malware is written in the Rust programming language and can steal sensitive information such as wallet passwords or even cryptocurrency wallet private keys.

The SentinelOne report mentions that hackers install Realst crypto malware through fake Web3 games, such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend.

The hackers then went a step further and created social media accounts and websites for the fake games.

How Does the Malware Work?

The hackers ask the victims to install the game, but the folder contains a game.py file that steals information from users’ devices. Another file, installer.py, steals information from iCloud Keychain, such as passwords and private keys.

One of the victims of the Realst crypto malware shared on X how hackers drained their wallets within 10 minutes of downloading the Brawl Earth game. Guy (@0xGuy) tweeted the following:

“Project looked serious, plenty of docs, Twitter with followers, discord with hundreds of users. Before the meeting I decided to test it, there is a real playable game. But at time of the meeting, I noticed thealpaca deleted all of our conversation and blocked me, strange.”

The Brawl Earth team invited the victim for a call. But during the call, the team member deleted all the conversations and blocked the victim. Soon, the victim realized that Brawl Earth had depleted his crypto wallet.

Recently, hackers have often attacked Apple devices through various methods. On Tuesday, a new crypto phishing hack that compromises two-factor authentication on Apple devices was discussed.

In April, Apple released an urgent software update after discovering a critical vulnerability that allowed hackers to do almost anything, including stealing crypto from victims’ devices.

MetaMask has often warned users to be aware of phishing scams and the risks of backing up their wallet data to iCloud.

Data from cybersecurity firm Kaspersky shows that crypto phishing scams have increased by 40% year-on-year between 2021 and 2022.

Ideally, users should store seed phrases or passwords offline, away from their devices, to reduce the risk of data loss to hackers.

Fans of online games that use cryptocurrencies need to be extremely careful, as the main target of Realst seems to be digital wallets rather than the game users themselves.

It is worth being extra careful when downloading games or software from the internet, especially if it is being promoted on social networks or through unsolicited messages sent to potential users.

By Audy Castaneda
