In a concerning development, Web3 play-to-earn games are gaining popularity as users can now earn money while gaming. However, security firm SentinelOne has discovered a new crypto-malware named Realst, written in the Rust programming language, targeting macOS devices, including the latest macOS 14 Sonoma. The malware is specifically designed to steal sensitive information such as wallet passwords and private keys from cryptocurrency wallets.
Hackers behind Realst are employing deceptive tactics to distribute the malware through fake Web3 games such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend. They create social media accounts and websites to lend an air of legitimacy to these fake games, tricking victims into installing them. However, unbeknownst to the users, these files contain malicious code that surreptitiously extracts sensitive data from their devices, including iCloud Keychain data.
Reports have emerged of victims having their crypto wallets drained within minutes of downloading the fraudulent Brawl Earth game. The hackers adopt an air of credibility by presenting their projects with detailed documentation, substantial Twitter followers, and hundreds of Discord users. When victims attempt to communicate with the supposed Brawl Earth team, all conversations are swiftly deleted, and they find themselves blocked, left with empty wallets.
Apple devices have been frequent targets of hackers, and even previously faced crypto phishing attacks that compromised two-factor authentication. The tech giant has issued urgent software updates in response to critical vulnerabilities that could facilitate crypto theft from users' devices. Services like MetaMask have also cautioned users about phishing scams and the risks associated with backing up wallet data on iCloud.
According to data from Kaspersky, crypto phishing scams have seen a significant 40% increase between 2021 and 2022. To safeguard against falling victim to these malicious activities in the Web3 gaming world, users are strongly advised to store seed phrases or passwords offline, away from their devices. Maintaining vigilance and exercising caution remain paramount in protecting oneself from these evolving threats.