
Realst malware hits macOS users targeting crypto wallets


A new information-stealing malware family called Realst, built to steal cryptocurrency wallets, targets Apple macOS systems, including the upcoming macOS 14 Sonoma release.

Researchers from SentinelOne have concluded that a third of the malware samples are already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system.

Realst is written in the Rust programming language and spreads through fake blockchain games such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend. The campaign is capable of stealing crypto wallets and sensitive data from both Windows and macOS machines.

One of the many malware-laden games that attackers are using to pilfer crypto wallets. | Source: SentinelOne

Security researcher iamdeadlyz first identified Realst in the wild and linked its activity to another information-stealer campaign, Pureland, which surfaced in March. While Windows victims of the same campaign are infected with RedLine Stealer, Realst poses a significant threat to macOS users because of its sophisticated attack chains.

The campaign begins with the operators approaching potential victims through direct messages on social media, luring them into testing a game as part of a supposedly paid collaboration. Once installed, Realst targets several web browsers, including Brave, Google Chrome, Mozilla Firefox, Opera, and Vivaldi, while leaving Apple Safari alone. It can also gather data from Telegram and capture screenshots.

References to Sonoma are clearly visible in the malicious code. | Source: SentinelOne

The discovery follows the detection of SophosEncrypt, a malware impersonating the cybersecurity firm Sophos. SophosEncrypt is a general-purpose remote access trojan (RAT) that encrypts files and generates ransom notes.

These developments come amid reports of data stolen via commercial information stealers being sold on dark web marketplaces and Telegram channels. Over 200,000 OpenAI credentials were leaked via stealer logs in 2022 and 2023. Stolen enterprise credentials pose a significant risk, as they can be exploited to breach organizations and auctioned off for follow-on activities like ransomware deployment.

macOS users should be cautious when engaging with blockchain games, as Realst distributors use Discord channels and verified Twitter accounts to give their lures a false sense of legitimacy. Because these games deliberately target cryptocurrency users, the primary objective is to steal crypto wallets and their contents, which can lead to direct financial loss.


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
