DMN Security Bite is proudly presented by Mosyle, the premier Apple Unified Platform.
The Realst crypto stealer targeting Mac systems has resurfaced. Over a year has passed since this malware first appeared, enabling cybercriminals to siphon cryptocurrency from wallets and pilfer additional credentials. Initially spread through deceptive blockchain games, as previously noted, it is now seemingly directed at Web3 developers via a focused spear-phishing campaign.
Recent findings by Cado Security reveal that cybercriminals are masquerading as recruiters, enticing victims with fraudulent job propositions via platforms such as Telegram and X. While this tactic is familiar, it gained traction last year as scammers impersonated reputable companies to promote fake job openings on LinkedIn.
What differentiates this attack is that rather than soliciting sensitive personal information like a driver’s license, Social Security number, or bank details for “employment forms,” victims are instructed to download a counterfeit video meeting application. Upon installation, Realst rapidly extracts sensitive information including browser cookies, credentials, and crypto wallet data—often without the user realizing it.
Notably, it was uncovered that some deceptive websites may harbor concealed JavaScript even before the user downloads the malware, which can drain crypto wallets saved in the victim’s browser.
Cado Security reported that attackers are leveraging AI-generated websites to bypass detection, quickly cycling through various domains like Meeten[.]org and Clusee[.]com. This strategy, paired with AI-generated content for bogus company blogs and social media profiles, demonstrates the sophistication of these tactics.
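As an added example (not from the article or from Cado Security's report), the following sketch checks resolver logs retrospectively for the two domains named above, matching on label boundaries so that subdomains are caught and look-alike suffixes are not. The log format, timestamps, and client addresses are constructed for illustration; because the operators rotate domains quickly, a hit list like this only covers the names already published.

```python
import re

# Domains named in the article, in the defanged form it prints them.
DEFANGED_IOCS = ["Meeten[.]org", "Clusee[.]com"]

# Constructed sample resolver log (assumed format: timestamp client "query:" name type).
SAMPLE_LOG = """\
2024-12-09T10:01:12Z 10.0.4.17 query: www.apple.com A
2024-12-09T10:01:15Z 10.0.4.17 query: Meeten.org. A
2024-12-09T10:02:40Z 10.0.4.23 query: download.clusee.com A
2024-12-09T10:03:05Z 10.0.4.31 query: notmeeten.org A
2024-12-09T10:03:09Z 10.0.4.31 query: meeten.org.example.net A
"""


def refang(value):
    """Turn a defanged indicator (hxxp://, [.]) into a plain lowercase host."""
    value = value.strip().lower().replace("[.]", ".").replace("(.)", ".")
    value = re.sub(r"^hxxps?://", "", value)
    return value.split("/")[0].rstrip(".")


def matches(host, ioc_domains):
    """True if host equals an IoC domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)


def find_hits(log_text, defanged_iocs=DEFANGED_IOCS):
    """Return (timestamp, client, queried_name) for every matching log line."""
    iocs = {refang(i) for i in defanged_iocs}
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"query:\s+(\S+)", line)
        if m and matches(m.group(1), iocs):
            ts, client = line.split()[:2]
            hits.append((ts, client, m.group(1).lower().rstrip(".")))
    return hits


if __name__ == "__main__":
    for ts, client, name in find_hits(SAMPLE_LOG):
        print(f"{ts} {client} resolved {name}")
```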
After users install the “meeting software,” the Realst malware activates and begins searching for and transmitting the following information:
- Telegram credentials
- Bank card information
- Keychain passwords
- Browser cookies and autofill data from Google Chrome, Opera, Brave, Edge, and Arc (note: Safari was excluded).
- Ledger wallet credentials
- Trezor wallet information
To protect yourself, steer clear of unverified downloads, enable multi-factor authentication, refrain from saving crypto credentials in browsers, and utilize reputable video applications like Zoom for meetings. Always approach business proposals cautiously when contacted via Telegram or other social networking platforms. Even messages from known contacts should be verified for authenticity, and avoid clicking on suspicious links.
For further insights, see Cado Security’s comprehensive report.