DMN Security Bite is presented by Mosyle, the sole Apple Unified Platform.
The Realst crypto stealer targeting Macs has resurfaced. It has been more than a year since this malware first appeared, used by cybercriminals to siphon cryptocurrency from wallets and capture other sensitive credentials. Its initial spread was through fraudulent blockchain games, which I reported previously. Now, it seems to be focusing on Web3 developers through a strategic spear-phishing initiative.
A recent analysis by Cado Security reveals that cybercriminals are masquerading as recruiters, enticing victims with fraudulent job offers on platforms like Telegram and X. This approach isn’t particularly new; last year, there was a surge of reports regarding scammers pretending to be from reputable companies to recruit for non-existent jobs on LinkedIn.
However, this specific attack is distinct as it does not solicit personal information like driver’s licenses or bank details for “employment forms.” Instead, victims are prompted to download a deceptive video conferencing application. Once it is installed, Realst swiftly lifts sensitive information like browser cookies, login credentials, and crypto wallet details, often without the victim realizing it.
Moreover, even before the victim downloads the malware, some of the fake websites have been found to embed hidden JavaScript that can drain cryptocurrency wallets stored in the user’s browser.
Cado Security also noted that attackers are utilizing AI-generated websites to bypass detection, frequently cycling through various domains like Meeten[.]org and Clusee[.]com. This rapid turnover strategy, along with AI-generated content for phony company blogs and social media profiles, demonstrates their sophistication.
Once the “meeting application” is downloaded and run, the Realst malware searches for and extracts the following:
- Telegram login details
- Credit card information
- Keychain credentials
- Browser cookies and autofill details from Google Chrome, Opera, Brave, Edge, and Arc. Notably, Safari was not mentioned.
- Ledger Wallets
- Trezor Wallets
To protect yourself, refrain from downloading unverified applications, enable multi-factor authentication, avoid storing cryptocurrency information in browsers, and use reputable video conferencing solutions like Zoom for meetings. Always be cautious with unsolicited business proposals on Telegram or similar social platforms. Even if a message appears to originate from a trusted contact, verify the account’s legitimacy and be vigilant when clicking on links.
For a comprehensive overview, you can access Cado Security’s complete report here.
Follow Arin: Twitter/X, LinkedIn, Threads