Fake Games Deliver Redline Malware On Win and Mac

Heads up, gamers! If you receive access codes for seemingly lucrative blockchain games, beware. A new malware campaign targets gamers through fake blockchain games, delivering the Redline stealer to Windows systems and the Realst malware to Macs. The threat actors aim to steal cryptocurrency wallets with these infostealers.


New Malware Campaign Infects Mac With Realst, Windows With Redline Stealer Via Fake Games

The security researcher known by the alias “iamdeadlyz” shed light on a new malware campaign in his post. According to the researcher, numerous fake blockchain games deliver Realst malware to macOS devices and Redline Stealer to Windows devices.

Specifically, the threat actors behind this campaign promote fake blockchain games on social media platforms and hand out access codes. Interested gamers have to use these codes to download the games, which covertly lets the attackers filter their targets and keep the downloads away from security researchers.

Some of these fake game projects include Destruction, Evolution, Olymp of Reptiles, and Brawl Earth; the researcher also found RyzeX, Dawn Land MetaWorld, and WildWorld following the same pattern. Alongside infecting Windows systems with Redline Stealer, they also targeted macOS devices with a new malware that caught the researcher’s attention.

The researcher named it “Realst” because it is written in Rust. He described Realst as an infostealer that targets cryptocurrency wallet extensions in various web browsers. The malware also scans Telegram for data to exfiltrate.

While the supposed game asks the user for a password to “install” the game, the malware transmits the stolen data to its C&C server in the background. The stolen details include saved passwords, device information, geolocation, and screen captures (if the necessary permissions are granted).

The researcher shared a detailed technical analysis of the campaign in his post. SentinelOne subsequently published its own detailed analysis of the various malware samples it found associated with this campaign.

SentinelOne also found the malware using AppleScript spoofing to trick Mac users into typing their device passwords. Since this campaign targets cryptocurrency users, those who enjoy blockchain games in particular should remain cautious when interacting with messages, especially game invites, from unknown sources.
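The AppleScript password prompt described above leaves a recognisable trace in endpoint telemetry: an `osascript` process whose command line builds a `display dialog` with a masked (`hidden answer`) text field, launched by an application that was just downloaded or mounted from a disk image. The following detection sketch is an added example and is not code from the researcher, SentinelOne, or the article; the event field names (`ts`, `host`, `parent`, `image`, `cmdline`), the file paths, and the sample events themselves are constructed for illustration and do not come from the campaign.

```python
"""Flag osascript credential-prompt spoofing in macOS process telemetry (defender-side example)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample process events. The schema (ts/host/parent/image/cmdline) is an
# assumption for this example, not any real EDR product's format, and the paths are
# placeholders rather than indicators from the article.
CONSTRUCTED_EVENTS: List[Dict[str, str]] = [
    {   # benign: a user-run script shows an informational dialog
        "ts": "2023-07-10T14:00:03Z", "host": "mac-01",
        "parent": "/System/Applications/Utilities/Script Editor.app/Contents/MacOS/Script Editor",
        "image": "/usr/bin/osascript",
        "cmdline": "osascript -e 'display dialog \"Backup finished\" buttons {\"OK\"}'",
    },
    {   # suspicious: a freshly downloaded "game" asks for the user's password
        "ts": "2023-07-10T14:02:11Z", "host": "mac-01",
        "parent": "/Users/alice/Downloads/FakeGame.app/Contents/MacOS/FakeGame",  # placeholder path
        "image": "/usr/bin/osascript",
        "cmdline": "osascript -e 'display dialog \"The installer needs your password to continue\" default answer \"\" with hidden answer'",
    },
    {   # suspicious: same pattern, launched from a mounted disk image
        "ts": "2023-07-10T14:05:40Z", "host": "mac-02",
        "parent": "/Volumes/Installer/Game.app/Contents/MacOS/Game",  # placeholder path
        "image": "/usr/bin/osascript",
        "cmdline": "osascript -e 'display dialog \"macOS needs to update Keychain settings. Enter password:\" default answer \"\" with hidden answer with icon caution'",
    },
    {   # unrelated process, must not be flagged
        "ts": "2023-07-10T14:06:00Z", "host": "mac-02",
        "parent": "/bin/zsh", "image": "/usr/bin/curl",
        "cmdline": "curl -s https://example.invalid/update.json",
    },
]

# A "display dialog ... with hidden answer" builds a masked input field, i.e. a password box.
HIDDEN_ANSWER = re.compile(r"display\s+dialog.*\bhidden\s+answer\b", re.IGNORECASE | re.DOTALL)
# Dialog text that mentions credentials strengthens the signal even without a masked field.
CREDENTIAL_WORDS = re.compile(r"password|passcode|keychain|credentials", re.IGNORECASE)
# Parents living in user-writable or removable locations (Downloads, mounted DMGs, temp dirs)
# are where a just-downloaded fake installer would run from.
UNTRUSTED_PARENT_PREFIXES = ("/Users/", "/Volumes/", "/private/tmp/", "/tmp/")


@dataclass
class Finding:
    ts: str
    host: str
    severity: str
    reasons: List[str]


def score_event(ev: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding when an osascript event looks like a spoofed credential prompt."""
    if not ev["image"].endswith("/osascript"):
        return None  # only AppleScript execution is in scope here
    cmd = ev["cmdline"]
    reasons: List[str] = []
    if HIDDEN_ANSWER.search(cmd):
        reasons.append("display dialog with hidden answer (masked password field)")
    if CREDENTIAL_WORDS.search(cmd):
        reasons.append("dialog text mentions credentials")
    if not reasons:
        return None  # ordinary AppleScript dialogs are expected noise
    parent = ev["parent"]
    if parent.startswith(UNTRUSTED_PARENT_PREFIXES):
        reasons.append(f"parent runs from a user-writable or removable path: {parent}")
        severity = "high"
    else:
        severity = "medium"
    return Finding(ev["ts"], ev["host"], severity, reasons)


def scan(events: Iterable[Dict[str, str]]) -> List[Finding]:
    """Run score_event over a stream of process events and keep the hits."""
    return [f for f in (score_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for f in scan(CONSTRUCTED_EVENTS):
        print(f"{f.ts} {f.host} [{f.severity}] " + "; ".join(f.reasons))
```

In a real deployment the parent-path heuristic would be replaced or supplemented by code-signing and notarisation status of the parent bundle, and a hit would be correlated with outbound connections from the same process tree, since the article notes the data leaves for the C&C server while the prompt is still on screen.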