Security firm SentinelOne has discovered a new crypto-stealing malware named Realst, written in the Rust programming language, targeting macOS devices including the then-latest macOS 14 Sonoma. The malware is delivered through fake Web3 play-to-earn games and is designed to steal cryptocurrency wallet passwords, private keys, and browser-stored credentials.
The Fake Games
Hackers behind Realst distributed the malware through convincingly-named fake games including Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend. They created professional-looking websites and social media accounts to lend the projects an air of legitimacy. Reports emerged of victims having their crypto wallets drained within minutes of downloading a fake game.
What Realst Steals
Once installed, Realst targets: cryptocurrency wallet files and seed phrases; browser-stored passwords and session tokens; iCloud Keychain data; and screen recordings. The macOS focus is notable because many crypto users believe Macs are inherently safer than Windows machines — an assumption Realst directly exploits. Users are advised never to download games or applications from unknown developers, especially if the game was recommended by a stranger online or arrived via a Discord message.
Have You Been Scammed?
Open a case today and let our experts begin the recovery process. A case-opening fee applies; full refund if unsuccessful.