Security Bite: Realst malware returns to cash in on crypto boom
9to5Mac Security Bite is brought to you exclusively by Mosyle, the only Apple unified platform.
The Realst crypto stealer targeting Macs is back. More than a year has passed since the malware first appeared as a tool cybercriminals use to drain cryptocurrency wallets and harvest other credentials. It was initially spread through fake blockchain games, as I reported at the time. It now shows up in a targeted spear-phishing campaign aimed at Web3 developers.
In a recent report, Cado Security describes cybercriminals posing as recruiters and luring victims with fake job opportunities over social platforms such as Telegram and X. If you remember, around the middle of last year we saw headlines about a string of scammers impersonating well-known companies and recruiting for fake positions on LinkedIn.
What makes this particular campaign unusual is that instead of asking victims for personal information such as a driver's license, Social Security number or bank account number to fill out "employment documents," the fake recruiters ask them to download a fake video-conferencing app. Once it is installed and launched, Realst quickly harvests sensitive data such as browser cookies, saved credentials and cryptocurrency wallet data, usually without the victim noticing.
Interestingly, some of the fake websites have also been found to carry hidden JavaScript capable of draining cryptocurrency wallets held in the victim's browser, even before the malware is downloaded. In other words, declining the download does not make the site safe to visit with a browser wallet extension unlocked.
Cado Security said the attackers also use AI-generated websites to evade detection and quickly cycle through multiple domains, such as Meeten[.]org and crusi[.]com. This fast domain rotation, combined with AI-generated fake company blogs and social profiles, shows how much effort goes into making the lure look legitimate.
When a user launches the downloaded "Meeting Tool", the Realst malware runs and begins searching for and stealing the following:
- Telegram credentials
- Banking card details
- Keychain credentials
- Browser cookies and autofill credentials from Google Chrome, Opera, Brave, Edge and Arc (Safari is not listed)
- Ledger wallet data
- Trezor wallet data
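As an added illustration (not code from this article, from Cado Security's report or from the malware itself), the following Python sketch shows one host-based heuristic for the behaviour listed above: a single process reading credential stores that belong to several different applications. The macOS paths are typical locations assumed for this example, the process name MeetingTool and the file-read events are constructed, and real telemetry (for example an EDR's file-event feed) would need a broader allowlist of legitimate readers than the one shown.

```python
from collections import defaultdict

# Typical macOS locations of the data the article lists as Realst targets.
# These paths are assumed for illustration, not taken from the Cado report;
# each is paired with the application that legitimately reads it.
TARGETS = [
    ("/Library/Application Support/Google/Chrome/", "browser", "Google Chrome"),
    ("/Library/Application Support/BraveSoftware/Brave-Browser/", "browser", "Brave Browser"),
    ("/Library/Application Support/Microsoft Edge/", "browser", "Microsoft Edge"),
    ("/Library/Application Support/com.operasoftware.Opera/", "browser", "Opera"),
    ("/Library/Application Support/Arc/User Data/", "browser", "Arc"),
    ("/Library/Keychains/", "keychain", "securityd"),
    ("/Library/Application Support/Ledger Live/", "wallet", "Ledger Live"),
    ("/Library/Application Support/@trezor/", "wallet", "Trezor Suite"),
    ("/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram/", "telegram", "Telegram"),
]


def classify_path(path):
    """Return (category, legitimate_owner) if path is a known credential store, else None."""
    for marker, category, owner in TARGETS:
        if marker in path:
            return category, owner
    return None


def find_stealers(events, min_categories=2):
    """Flag processes that read credential stores they do not own, across
    at least `min_categories` distinct categories.

    `events` is an iterable of (process_name, file_path) file-read events.
    A browser reading its own cookie database is normal; a "meeting tool"
    reading browser cookies, the login keychain and a wallet's data is the
    pattern the article describes. Requiring two or more categories keeps
    single-store readers such as an indexer from being flagged.
    """
    foreign = defaultdict(set)
    for process, path in events:
        hit = classify_path(path)
        if hit is None:
            continue
        category, owner = hit
        if process != owner:
            foreign[process].add(category)
    return {proc: sorted(cats) for proc, cats in foreign.items()
            if len(cats) >= min_categories}


# Constructed sample events; "MeetingTool" is a hypothetical process name
# standing in for the fake conferencing app, not a real indicator.
SAMPLE_EVENTS = [
    ("Google Chrome", "/Users/dev/Library/Application Support/Google/Chrome/Default/Cookies"),
    ("Telegram", "/Users/dev/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram/tdata/key_datas"),
    ("mdworker", "/Users/dev/Documents/notes.txt"),
    ("Spotlight", "/Users/dev/Library/Application Support/Ledger Live/app.json"),
    ("MeetingTool", "/Users/dev/Library/Application Support/Google/Chrome/Default/Cookies"),
    ("MeetingTool", "/Users/dev/Library/Application Support/Google/Chrome/Default/Login Data"),
    ("MeetingTool", "/Users/dev/Library/Application Support/BraveSoftware/Brave-Browser/Default/Cookies"),
    ("MeetingTool", "/Users/dev/Library/Keychains/login.keychain-db"),
    ("MeetingTool", "/Users/dev/Library/Application Support/Ledger Live/app.json"),
]

if __name__ == "__main__":
    for proc, cats in find_stealers(SAMPLE_EVENTS).items():
        print(f"suspicious: {proc} read foreign credential stores: {', '.join(cats)}")
```

On the constructed events only MeetingTool is reported (browser, keychain, wallet); Chrome and Telegram read their own data, and Spotlight touching a single wallet directory stays below the two-category threshold. The owner table is deliberately narrow: backup agents, the security command-line tool and similar legitimate readers would need to be added before running this against real file-event telemetry.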
To stay safe, avoid unverified downloads, enable multi-factor authentication, never store wallet seed phrases or private keys in your browser, and use a trusted video app such as Zoom when setting up meetings. On a Mac, check a downloaded app's code signature and notarization with the codesign and spctl command-line tools before opening it, and treat any unfamiliar "meeting tool" a recruiter insists on as a red flag. Always exercise caution when approached with business opportunities on Telegram and other social apps. Even if the message appears to come from a known contact, verify the authenticity of the account and be careful when clicking links.
You can find Cado Security's full report here.
2024-12-16 16:17:23