Why hackers are using access codes for these games
Access codes are helping cyber attackers to check the users that they want to target and prevent security researchers from detecting their malicious intentions. These game installers then infect targeted devices with information-stealing malware. For Windows, hackers are using the RedLine Stealer malware while Realst is for macOS users. Another security researcher named SentinelOne analysed 59 Mach-O samples of the Realst malware that were already discovered. The analysis focused on the macOS versions of each sample and several ds
How this malware campaign is affecting macOS users
Whenever users try to download a fake game from the cybercriminal’s site, they are being offered either Windows or macOS malware, depending on their OS. The Realst info-stealing malware targets Mac devices as PKG installers or DMG disk files. These files don’t include any real games or other decoy software, they just contain malicious Mach-O files.
One of the files is a cross-platform Firefox-based data stealer while the other one is an open-source macOS keychain database password, keys, and certificates extractor. The researcher also found that some samples are codesigned using valid (now revoked)
Apple Developer IDs or ad-hoc signatures, to bypass detection from security tools.
What Mac users should do to protect themselves from this malware campaign
The report has also advised macOS users to be cautious with blockchain games. Hackers are distributing Realst using Discord channels and “verified” Twitter accounts to make them look legitimate. Moreover, it is important to note that these games specifically target cryptocurrency users. The main goal of these games is to steal crypto wallets and the funds within them, which can cost investors a lot.
