Realst: New Rust-based Mac Malware Targets Crypto Wallets of Apple Users

  • Written by Shipra Sanganeria, Cybersecurity & Tech Writer

A new information stealer dubbed ‘Realst’ is being used to target macOS users. Shipped in multiple variants, the malware is already prepared to run on Apple’s next major operating system release, macOS 14 Sonoma.

First discovered by security researcher iamdeadlyz, the Rust-written malware is being distributed to both Windows and macOS users through multiple bogus blockchain games. Windows users are infected with infostealers such as RedLine Stealer, while Mac users receive Realst.

Using social media platforms, the attackers first try to convince their targets to take part in a paid collaboration. Under the pretext of testing fake games such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend, the attacker deploys the infostealer onto the targeted system to steal sensitive information and empty cryptocurrency wallets. “Each version of the fake blockchain game is hosted on its own website complete with associated Twitter and Discord accounts,” the SentinelOne report stated.

The malware targets the Firefox, Chrome, Opera, Brave, and Vivaldi browsers; Apple Safari was the only browser among those analyzed that it did not target. The malware can also capture screenshots and download information from Telegram.

“Most variants attempt to grab the user’s password via osascript and AppleScript spoofing,” the report read. Realst also performs a basic check to determine whether the host is a physical or virtual machine “via sysctl -n hw.model.”
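As an added example (not from the article or from SentinelOne’s report), the Python triage check below runs over constructed process-execution records and flags the two behaviours quoted above: an osascript dialog that hides what the user types, and a `sysctl -n hw.model` query spawned by an application outside standard system paths. The record fields, sample paths, and the trusted-path list are assumptions made for this example.

```python
import re
from typing import Dict, List

# Parents under these prefixes are treated as trusted for the sysctl check (assumption).
TRUSTED_PARENT_PREFIXES = ("/System/", "/usr/", "/Applications/")

# osascript raising a dialog that hides typed input: the shape of a spoofed password prompt.
HIDDEN_PROMPT = re.compile(r"display\s+dialog\b.*\bhidden\s+answer\b", re.IGNORECASE | re.DOTALL)
# The hardware-model query the report names as Realst's physical-vs-virtual check.
HW_MODEL_QUERY = re.compile(r"\bsysctl\b.*\s-n\s+hw\.model\b")

# Constructed process-execution records; the game path mimics a fake-game app name from the article.
SAMPLE_EVENTS = [
    {"parent": "/Users/alice/Downloads/Pearl.app/Contents/MacOS/Pearl",
     "image": "/usr/bin/osascript",
     "cmdline": "osascript -e 'display dialog \"Enter your password\" default answer \"\" with hidden answer'"},
    {"parent": "/Users/alice/Downloads/Pearl.app/Contents/MacOS/Pearl",
     "image": "/usr/sbin/sysctl", "cmdline": "sysctl -n hw.model"},
    {"parent": "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
     "image": "/usr/sbin/sysctl", "cmdline": "sysctl -n hw.model"},
    {"parent": "/Applications/Script Editor.app/Contents/MacOS/Script Editor",
     "image": "/usr/bin/osascript", "cmdline": "osascript -e 'display dialog \"Backup done\"'"},
]


def classify(event: Dict[str, str]) -> List[str]:
    """Return the Realst-style behaviours a single execution record matches."""
    hits: List[str] = []
    image, cmd, parent = event["image"], event["cmdline"], event.get("parent", "")
    untrusted_parent = not parent.startswith(TRUSTED_PARENT_PREFIXES)
    # A hidden-input dialog is worth reviewing from any parent; admin scripts can also match,
    # so this is a lead for analysts rather than a verdict on its own.
    if image.endswith("/osascript") and HIDDEN_PROMPT.search(cmd):
        hits.append("osascript_hidden_password_prompt")
    # The model query is common in legitimate tooling; only flag it from an untrusted parent.
    if image.endswith("/sysctl") and HW_MODEL_QUERY.search(cmd) and untrusted_parent:
        hits.append("hw_model_vm_check_from_untrusted_app")
    return hits


def triage(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group matched behaviours by parent process; a parent with both hits is the strongest lead."""
    findings: Dict[str, List[str]] = {}
    for ev in events:
        hits = classify(ev)
        if hits:
            findings.setdefault(ev["parent"], []).extend(hits)
    return findings


if __name__ == "__main__":
    for parent, hits in triage(SAMPLE_EVENTS).items():
        print(f"{parent}: {', '.join(hits)}")
```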

During the investigation, it was also found that Apple’s built-in malware blocking service, XProtect, did not prevent the malware from executing. SentinelOne analyzed 59 malicious Mach-O samples and identified 16 distinct variants of the malware among them.

“The number of Realst samples and their variation shows that the threat actor has invested serious effort in order to target macOS users for data and crypto wallet theft,” SentinelOne said. “Given the current popular interest in blockchain games, which promise users the reward of making money while gaming, users and security teams are urged to treat solicitations to download and run such games with extreme caution.”

Moreover, the growing popularity of infostealers and their availability as a malware-as-a-service offering should also be taken into account when deploying security controls, especially as stolen data is increasingly packaged and sold on the dark web and via Telegram.

Tampa General Hospital Discloses Data Breach Involving 1.2 Million Patients

  • Written by Shipra Sanganeria, Cybersecurity & Tech Writer

Last week, Tampa General Hospital (TGH) disclosed in a public announcement a cybersecurity incident that compromised the personal health information (PHI) of nearly 1.2 million patients.

The Florida-based private nonprofit healthcare facility, which serves western Florida and the greater Tampa Bay region, is the region’s only university-level academic medical center.

In its notice, TGH said that on May 31 it detected unusual activity on its computer systems and immediately partnered with third-party cybersecurity experts to launch an investigation.

In the notice, the organization also explained that its “monitoring systems and experienced technology professionals effectively prevented encryption, which would have significantly interrupted the hospital’s ability to provide care for patients.”

The investigation revealed that an unauthorized third party infiltrated TGH’s network between May 12 and 30, 2023, and exfiltrated certain files from its systems.

The files are said to contain sensitive personal information of around 1.2 million patients. The data, which varied by individual, reportedly includes names, phone numbers, addresses, Social Security Numbers, dates of birth, medical record and patient account numbers, health insurance information, dates of service, and limited treatment information used for business operations. The organization clarified that the attackers had not accessed its electronic medical record system.

Details about the threat actor and the attack technique remain unknown. However, TGH has already implemented containment measures to prevent further damage to its network. The healthcare facility has deployed additional security systems, including system monitoring, to ensure such incidents do not recur.

TGH has also notified the Federal Bureau of Investigation (FBI) about the data breach. In addition to notifying the affected individuals, it announced that they will be offered free credit monitoring and identity theft protection services.

The attack on TGH follows a recent spate of attacks on healthcare facilities around the world, such as the July 2023 HCA Healthcare data breach that impacted nearly 11 million patients.