Macs under attack from password-stealing malware — how to stay safe

MacBook Pro 2021 (16-inch) on a patio table
(Image credit: Tom's Guide)

Hackers have launched a large campaign that uses new Mac malware to steal passwords, cryptocurrency wallets and other sensitive data. No software vulnerability is involved: victims are tricked into installing the malware themselves.

As reported by BleepingComputer, this new malware strain has been dubbed “Realst” by the security researcher who discovered it and it’s currently being spread through fake blockchain games.

To trick potential victims into downloading these malicious games, the cybercriminals behind the campaign promote them on social media and then hand out the access codes needed to download them over direct messages. The codes serve a second purpose: they let the attackers vet who is asking and decide which targets are worth going after.

In addition to targeting Macs, the campaign delivers the RedLine Stealer malware, which has similar functionality to Realst, to Windows users. Whether you use a Mac or a PC, be careful when downloading games from unofficial sources. This also applies to households with young gamers, who can easily infect a shared computer.

Stealing data from browsers and Apple Keychain

After analyzing 59 different Mach-O samples of the Realst malware, the cybersecurity firm SentinelOne grouped them into 16 distinct variants and described the differences between them in a new blog post.

When Mac users download any of the fake blockchain games used in this campaign, the PKG installers or DMG disk images they receive contain malicious Mach-O files and no game at all. To get past Gatekeeper, the attackers signed their installers with Apple Developer ID certificates that were valid at the time. Apple has since revoked those certificates, so Gatekeeper now blocks installers signed with them, but anything installed before the revocation is unaffected.

Although there are 16 different variants of the Realst malware, they all target popular browsers such as Firefox, Chrome, Opera, Brave and Vivaldi, along with the Telegram app. Surprisingly, none of the variants analyzed by SentinelOne target Safari. Realst steals passwords, cookies and other sensitive data stored by those browsers, and it also goes after credentials saved in Apple Keychain, the system credential store that serves as Apple's own password manager.

Notably, the creators of Realst have already made preparations to target Macs running macOS 14 Sonoma, which has yet to be released.

How to stay safe from Mac malware

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

So far the only known way to catch Realst is through these fake games, so avoiding sketchy game downloads is currently enough to stay safe. That could change once other cybercriminals begin deploying Realst in their own attacks.

For this reason, be careful when installing new programs on your Mac. Just as with the best iPhones, you are better off getting software from Apple's App Store than downloading and installing it manually from wherever you happen to find it, because apps must pass a number of security checks before they can be listed in the App Store.

Every Mac ships with two built-in defenses: XProtect, Apple's signature-based malware scanner, which Apple updates independently of macOS releases, and Gatekeeper, which is not a scanner but a policy check that verifies downloaded software is signed with a valid Developer ID and notarized before it is allowed to run. A revoked certificate fails that check, which is why Apple revoking the Developer IDs used here matters. Even so, you may want extra protection, and the best Mac antivirus software can help, since third-party products add their own detections and are updated on their own schedule as new strains like Realst appear.
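The signing trick described in the section above and Gatekeeper's role here suggest a simple habit: run Gatekeeper's own assessment on a downloaded installer before opening it. The script below is an added example written for this article; it is not the article's or SentinelOne's code. It assumes macOS command-line tools (`spctl`, `xattr`) for the live check, and the sample `spctl` output it carries is constructed for illustration: the `source=Notarized Developer ID` line mirrors what Gatekeeper reports for notarized software, while the file names and the team ID in the `origin=` line are made up.

```shell
#!/bin/sh
# check_download.sh: assess a downloaded .pkg, .dmg or .app with Gatekeeper
# before opening it. Added example, not from the article or from SentinelOne.
# Usage (macOS only): sh check_download.sh ~/Downloads/Game.pkg

# classify_assessment reads `spctl --assess -vv` output on stdin and prints
# one word: notarized, signed, rejected or unknown. The verdict is the word
# after the colon on the first line ("accepted" / "rejected"); a "source="
# line explains why. A revoked Developer ID still shows up as "rejected".
classify_assessment() {
    out=$(cat)
    verdict=$(printf '%s\n' "$out" | sed -n '1s/.*: *\([a-z]*\).*/\1/p')
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$verdict" in
        accepted)
            case "$src" in
                "Notarized Developer ID") echo notarized ;;
                *) echo signed ;;          # signed, but not notarized
            esac ;;
        rejected) echo rejected ;;
        *) echo unknown ;;
    esac
}

# assess_file runs the assessment type that matches the file and prints the
# classification. Needs macOS: spctl and xattr are not available elsewhere.
assess_file() {
    f="$1"
    # Downloads carry the quarantine attribute; without it Gatekeeper will
    # not evaluate the file when it is opened from Finder.
    if ! xattr -p com.apple.quarantine "$f" >/dev/null 2>&1; then
        echo "warning: $f has no quarantine attribute; Gatekeeper will not check it on open" >&2
    fi
    case "$f" in
        *.pkg) spctl --assess --type install -vv "$f" 2>&1 ;;
        *.app) spctl --assess --type execute -vv "$f" 2>&1 ;;
        # disk images need the primary-signature context to be assessed
        *)     spctl --assess --type open --context context:primary-signature -vv "$f" 2>&1 ;;
    esac | classify_assessment
}

main() {
    for f in "$@"; do
        result=$(assess_file "$f")
        printf '%s: %s\n' "$f" "$result"
        case "$result" in
            notarized) ;;
            signed)   echo "  signed but not notarized: inspect before opening" ;;
            rejected) echo "  Gatekeeper rejects this (unsigned, revoked or tampered): do not open" ;;
            *)        echo "  could not assess this file" ;;
        esac
    done
}

# Constructed sample spctl output (not real assessments) for trying the
# classifier on a non-Mac; the team ID below is made up.
SAMPLE_NOTARIZED='/Users/me/Downloads/Game.pkg: accepted
source=Notarized Developer ID
origin=Developer ID Installer: Example Studio (ABCDE12345)'
SAMPLE_SIGNED='/Users/me/Downloads/Game.pkg: accepted
source=Developer ID'
SAMPLE_REVOKED='/Users/me/Downloads/Game.pkg: rejected
source=Insufficient Context'

if [ $# -gt 0 ]; then main "$@"; fi
```

Run it on the .pkg or .dmg itself first, and after mounting a disk image run it again on the .app or .pkg inside, since a clean image can still carry an unsigned payload. A "rejected" result after the certificates were revoked is exactly what this campaign's installers should now produce.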

We’ve seen a big uptick in malware written specifically for Macs over the past few years, and as long as the best MacBooks and other Apple computers keep selling as well as they do, that trend will likely continue. Mac users need to start taking malware as seriously as their Windows-using counterparts do.


Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.