The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy. The company reaches out to targets to set up a video call, prompting the user to download the meeting application from the website, which is Realst infostealer.
Once installed and launched on macOS, users are greeted with a message that claims 'The current version of the app is not fully compatible with your version of macOS' and that they need to enter their system password in order for the app to work as expected.
The end goal of the attack is to steal various kinds of sensitive data, including from cryptocurrency wallets, and export them to a remote server. The malware also targets Telegram credentials, banking information, iCloud Keychain data, and browser cookies.
The Windows version of the app Nullsoft Scriptable Installer System (NSIS) file that's signed with a likely stolen legitimate signature from Brys Software, showcasing the sophistication of this cyber threat.
Collection
[
|
...
]