Bleeping Computer - "New Realst macOS malware steals your cryptocurrency wallets"
https://www.bleepingcomputer.com/ne...s-malware-steals-your-cryptocurrency-wallets/
"A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for macOS 14 Sonoma, which is still in development.
The malware, first discovered by security researcher iamdeadlyz, is distributed to both Windows and macOS users in the form of fake blockchain games using names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend.
For Mac users, the sites will distribute the Realst info-stealing malware, which targets Mac devices as PKG installers or DMG disk files containing the malicious Mach-O files but no real games or other decoy software.
The "game.py" file is a cross-platform Firefox infostealer and "installer.py" is "chainbreaker," an open-source macOS keychain database password, keys, and certificates extractor.
SentinelOne found that some samples are codesigned using valid (now revoked) Apple Developer IDs, or ad-hoc signatures, to bypass detection from security tools."