Cado Security Labs Identifies New Malware Targeting Crypto Wallets on Windows and macOS

A sophisticated new piece of malware, dubbed Realst, is targeting cryptocurrency wallets and other sensitive data belonging to web3 professionals. It is disguised as a meeting application and poses a significant threat to both Windows and macOS users.


Details of the Malware

Realst has been active for approximately four months, according to cybersecurity firm Cado Security Labs. It is designed to steal:


  • Cryptocurrency wallets
  • Browser-stored credentials
  • Banking card details
  • Hardware wallet information


The malware’s distribution strategy involves AI-generated websites that mimic legitimate platforms. These websites include fabricated product reviews, blog posts, and even social media accounts to appear credible and trustworthy.


AI-Driven Campaigns

Researchers have flagged the growing use of AI by scammers to generate realistic content for their campaigns. This tactic makes it increasingly challenging for users to distinguish between genuine platforms and malicious schemes.


Aliases and Techniques

Realst has been identified under various aliases, including:


  • Clusee[.]com
  • Cuesee
  • Meeten[.]gg
  • Meeten[.]us
  • Meetone[.]gg
  • Meetio


Social engineering plays a critical role in this campaign. Scammers use platforms like Telegram to impersonate trusted contacts or propose fake business opportunities, directing victims to their fraudulent websites. Alarmingly, these sites also run malicious JavaScript in the background that can steal cryptocurrency stored in web browsers even before the malware is installed.
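The domains in the list above can be checked against DNS or proxy logs. The following is an added example, not code from the article or from Cado Security Labs; the log format, timestamps, client addresses and sample lines are constructed, and the function names are hypothetical.

```python
# Added example: match logged hostnames against the domains named in the article.
# Domains copied, still defanged, from the article's alias list.
DEFANGED_DOMAINS = ["Clusee[.]com", "Meeten[.]gg", "Meeten[.]us", "Meetone[.]gg"]

def refang(indicator):
    """Normalize a hostname, defanged or not: lowercase, no trailing dot."""
    return indicator.replace("[.]", ".").strip().rstrip(".").lower()

BLOCKLIST = frozenset(refang(d) for d in DEFANGED_DOMAINS)

def matched_domain(hostname):
    """Return the listed domain that hostname equals or is a subdomain of."""
    labels = refang(hostname).split(".")
    # Compare whole parent domains so "notmeeten.gg" is not a match.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None

# Constructed log lines (assumed format: timestamp client_ip hostname).
# Hostnames are kept defanged here; refang() accepts either form.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.0.0.12 www.meeten[.]gg
2024-01-01T09:00:05Z 10.0.0.12 notmeeten[.]gg
2024-01-01T09:01:10Z 10.0.0.31 DOWNLOAD.Clusee[.]com.
2024-01-01T09:02:44Z 10.0.0.31 meeten[.]us.example.org
2024-01-01T09:03:02Z 10.0.0.47 meetone[.]gg
malformed line
"""

def scan(log_text):
    """Return (timestamp, client, hostname, listed_domain) for each hit."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:  # skip lines that do not fit the assumed format
            continue
        timestamp, client, host = fields
        domain = matched_domain(host)
        if domain:
            hits.append((timestamp, client, host, domain))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Matching on label boundaries catches subdomains of a listed domain while ignoring hostnames that merely contain the same string, such as a listed name used as a prefix of an unrelated domain.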


Escalating Social Engineering Threats

This malware campaign is not an isolated incident. Social engineering schemes have become a persistent threat in the crypto space:


  • Zoom Imitation Scam: Last month, a whale investor lost over $6 million after being tricked into clicking a malicious link mimicking Zoom.
  • Radiant Capital Hack: A $50 million hack of the decentralized finance protocol resulted from malware disguised as a PDF file.


Crypto Sector Vulnerability

Experts, including those at Coinbase, have identified social engineering scams as the top threat to cryptocurrency enthusiasts. Over the years, scammers have drained billions of dollars from the sector. In November alone, losses from crypto phishing scams exceeded $9 million.


Protective Measures

Web3 professionals and cryptocurrency holders are urged to:


  • Verify the authenticity of websites and applications.
  • Avoid clicking on unsolicited links, especially from unknown contacts.
  • Use hardware wallets to secure funds and refrain from storing large amounts of cryptocurrency in web browsers.
  • Enable two-factor authentication (2FA) wherever possible.

