Security Bite: Realst malware cashes in on the cryptocurrency market surge


2024. 12. 17. 오전 12:17:23

Security Bite is brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our integrated approach to management and security combines Apple-specific security solutions, including automated hardening and compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive privilege management, with the most powerful and modern Apple MDM on the market. The result is a platform trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and learn what Mosyle can do for you.

The Realst infostealer is back, and it is targeting Macs again. The malware first surfaced last year as a tool for draining cryptocurrency wallets and stealing other credentials. At the time, I reported that it was initially spread through a fake blockchain game. Now, however, it appears to be the payload of a targeted phishing campaign aimed at web3 developers.


According to a report by Cado Security, the criminals are luring victims with fake job offers on social platforms such as Telegram and X. The technique itself is not new: recall last year's coverage of phishing scams that impersonated well-known companies with fake job postings on LinkedIn.

The main difference in this campaign is that, instead of asking for personal information such as a Social Security number or bank account details, the scammers require the victim to download a virtual meeting app. Once installed, Realst quickly locates and exfiltrates sensitive data such as browser cookies, saved credentials, and cryptocurrency wallets. Many victims never notice it happening.

More surprising, some of the fake sites contain hidden JavaScript that can steal cryptocurrency wallets stored in the victim's browser before the malware is even downloaded.

Cado Security found the attackers using AI-generated websites to evade detection and rotating rapidly through multiple domains. The AI-generated content extends to fake company blogs and social profiles, which lends the operation a veneer of legitimacy and points to the sophistication of the group behind it.

Once a user runs the downloaded "meeting tool", the Realst malware activates and searches for and exfiltrates the following:

  • Telegram credentials
  • Banking card details
  • Keychain credentials
  • Browser cookies and autofill credentials from Google Chrome, Opera, Brave, Edge, and Arc (Safari is not mentioned)
  • Cryptocurrency wallets
  • Trezor wallets
Fake site hosting Realst malware for both macOS and Windows.
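The target list above maps directly onto a detection rule: the data stores Realst harvests each have one legitimate owner process, so any other process reading them is worth an alert. The following Python script is an added example, not code from this article or from Cado Security's report. It runs that rule over a few constructed file-access events in a pipe-separated format of my own (a real EDR or Endpoint Security client would supply the equivalent fields). The on-disk paths, the allowlist of expected reader processes, and the "FakeMeeting" app name are my assumptions and should be tuned to your fleet.

```python
"""Flag processes that read the data stores Realst-style infostealers harvest on macOS."""
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Data stores the article lists as Realst targets, keyed by category.
# Assumption: paths (relative to the user's home) are my mapping, not from the report.
TARGET_PATHS = {
    "chrome_profile": "Library/Application Support/Google/Chrome/",
    "brave_profile": "Library/Application Support/BraveSoftware/Brave-Browser/",
    "edge_profile": "Library/Application Support/Microsoft Edge/",
    "opera_profile": "Library/Application Support/com.operasoftware.Opera/",
    "arc_profile": "Library/Application Support/Arc/User Data/",
    "keychain": "Library/Keychains/",
    "telegram": "Library/Application Support/Telegram Desktop/tdata/",
    "trezor": "Library/Application Support/@trezor/suite-desktop/",
    "ledger": "Library/Application Support/Ledger Live/",
}

# Process names (executable basenames) expected to touch each category.
# Assumption: an illustrative allowlist; browsers spawn helper processes you may need to add.
EXPECTED_READERS = {
    "chrome_profile": {"Google Chrome"},
    "brave_profile": {"Brave Browser"},
    "edge_profile": {"Microsoft Edge"},
    "opera_profile": {"Opera"},
    "arc_profile": {"Arc"},
    "keychain": {"securityd", "security", "Keychain Access", "trustd", "accountsd"},
    "telegram": {"Telegram"},
    "trezor": {"Trezor Suite"},
    "ledger": {"Ledger Live"},
}

HOME_RE = re.compile(r"^/Users/[^/]+/(.*)$")


def classify_path(path):
    """Return the target category a file path belongs to, or None if it is not a target."""
    match = HOME_RE.match(path)
    if not match:
        return None
    relative = match.group(1)
    for category, prefix in TARGET_PATHS.items():
        if relative.startswith(prefix):
            return category
    return None


def parse_line(line):
    """Parse one constructed event 'ts|pid|process_path|action|file_path'; None if malformed."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != 5 or not parts[1].isdigit():
        return None
    ts, pid, process_path, action, path = parts
    return {"ts": ts, "pid": int(pid), "process": PurePosixPath(process_path).name,
            "process_path": process_path, "action": action, "path": path}


def scan(lines):
    """Return one alert per event where an unexpected process reads a targeted data store."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # malformed input is skipped, not allowed to crash the scan
        category = classify_path(event["path"])
        if category is None or event["process"] in EXPECTED_READERS[category]:
            continue
        alerts.append({**event, "category": category})
    return alerts


def summarize(alerts):
    """Group alerts by process name -> set of categories touched (infostealers hit several)."""
    by_process = defaultdict(set)
    for alert in alerts:
        by_process[alert["process"]].add(alert["category"])
    return dict(by_process)


# Constructed sample events. "FakeMeeting.app" stands in for the bogus meeting tool.
SAMPLE_LOG = [
    "2024-12-16T09:01:02Z|412|/Applications/Google Chrome.app/Contents/MacOS/Google Chrome|read|/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies",
    "2024-12-16T09:01:05Z|88|/usr/sbin/securityd|read|/Users/alice/Library/Keychains/login.keychain-db",
    "2024-12-16T09:01:09Z|901|/Applications/Trezor Suite.app/Contents/MacOS/Trezor Suite|read|/Users/alice/Library/Application Support/@trezor/suite-desktop/config.json",
    "2024-12-16T09:02:11Z|1337|/Applications/FakeMeeting.app/Contents/MacOS/FakeMeeting|read|/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies",
    "2024-12-16T09:02:11Z|1337|/Applications/FakeMeeting.app/Contents/MacOS/FakeMeeting|read|/Users/alice/Library/Application Support/BraveSoftware/Brave-Browser/Default/Login Data",
    "2024-12-16T09:02:12Z|1337|/Applications/FakeMeeting.app/Contents/MacOS/FakeMeeting|open|/Users/alice/Library/Keychains/login.keychain-db",
    "2024-12-16T09:02:13Z|1337|/Applications/FakeMeeting.app/Contents/MacOS/FakeMeeting|read|/Users/alice/Library/Application Support/Telegram Desktop/tdata/key_datas",
    "2024-12-16T09:02:14Z|1337|/Applications/FakeMeeting.app/Contents/MacOS/FakeMeeting|read|/Users/alice/Library/Application Support/Ledger Live/app.json",
    "2024-12-16T09:03:00Z|560|/Applications/Slack.app/Contents/MacOS/Slack|read|/Users/alice/Library/Application Support/Slack/storage/root-state.json",
    "garbled line without delimiters",
]

if __name__ == "__main__":
    for process, categories in summarize(scan(SAMPLE_LOG)).items():
        print(f"ALERT {process}: touched {sorted(categories)}")
```

The signal that matters is in `summarize`: a single unknown process sweeping through browser profiles, the login keychain, Telegram data and a hardware-wallet app within seconds is the infostealer pattern, whereas a lone browser reading its own cookie database is noise. The allowlist is deliberately strict so that tuning errors surface as false positives rather than silence.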

To stay safe, avoid downloading software from unverified sources, enable multi-factor authentication, do not store cryptocurrency credentials in your browser, and insist on a trusted video app (for example, Zoom) when meetings are arranged. Be especially wary of business opportunities that arrive through Telegram and other social apps: verify that the account is genuine and think twice before clicking any link.

You can find Cado Security's full report here.

More about Apple Security

  • A newly released app lets you scan your iPhone for Pegasus spyware for a dollar a month. Pegasus can access almost all of the data on a phone.
  • Apple's Passwords app now has a Firefox extension for Mac. Interestingly, the extension appears to have been created by a third-party developer, and Apple has since taken it over under its own brand and name.
  • Mosyle exclusively shared details of a new family of Mac malware loaders. Mosyle's security research team found that these threats were written in unconventional programming languages and used various other evasion techniques to avoid detection.
