New Realst Mac malware, disguised as blockchain games, steals cryptocurrency wallets

New Realst Mac malware, disguised as blockchain games, steals cryptocurrency wallets

Fake blockchain games, that are being actively promoted by cybercriminals on social media, are actually designed to infect the computers of unsuspecting Mac users with cryptocurrency-stealing malware.

Security researcher Iamdeadlyz was the first to describe how Web3 play-to-earn games with names such as “Brawl Earth”, “WildWorld”, “Dawnland”, “Destruction”, “Evolion”, “Pearl”, “Olymp of Reptiles”, and “SaintLegend” – have been aggressively promoted via websites, “verified” Twitter accounts, and Discord channels in the hunt for victims.

The attackers have even used private direct messages to intended targets, offering purported “access codes” allowing download of the fake games. In all likelihood, victims are being selected based upon their enthusiasm for all things cryptocurrency-related.

Sign up to our free newsletter.
Security news, advice, and tips.

The latest version of the Mac malware, which has been named “Realst”, even works on the macOS 14 Sonoma, which hasn’t even been officially released yet – indicating that the threat continues to be actively developed by its creators.

Once installed, Realst steals information from victims’ Firefox, Chrome, Opera, Brave, and Vivaldi web browsers, as well as cryptocurrency wallets, and sends it back to the cybercriminals. At the time of writing, the Safari browser appears to not be targeted by the malware.

Security researchers at SentinelOne, who have also examined the Realst malware, say that they have identified 16 distinct variants of the threat for macOS.

A Windows version of the malware, known as “RedLine Stealer”, has also been distributed.

Clearly the perpetrators of this malware campaign are banking on investor’s enthusiasm to earn free cryptocurrency over-riding their common-sense.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.