Artificial intelligence (AI) is not only transforming industries but also providing new tools for cybercriminals. Recent findings from security researchers have unveiled a sophisticated info-stealer malware that disguises itself as video-calling software. This malware, known as Realst, has been operational for approximately four months and targets both macOS and Windows users.
What you need to know about the malware
Cado Security Labs has identified a multi-faceted scam that leverages AI to create a veneer of legitimacy. The hackers behind Realst have established fake company websites and generated AI-driven content, including blogs and product descriptions, to bolster their ruse. Operating under the guise of a company named “Meetio,” they have previously used various aliases such as Clusee, Cuesee, Meeten, and Meetone.
The scam typically unfolds through social engineering tactics. Victims often receive messages on platforms like Telegram from individuals posing as friends or acquaintances, who then pitch enticing business opportunities and suggest scheduling a call. In a particularly deceptive instance, a scammer sent an investment presentation purportedly from the victim’s own company, enhancing the scam’s credibility. Other victims have reported being lured into Web3-related discussions, leading to the installation of the malicious software and subsequent theft of their cryptocurrency.
Upon being directed to the “Meeten” website, users are prompted to download the malware disguised as legitimate software. The downloaded file contains a program named “fastquery,” while other variants may appear as a DMG file with a multi-architecture setup. Once executed, the malware generates error messages that mislead the user into thinking there is a connectivity issue, while simultaneously requesting a password—a common tactic in macOS malware.
How the malware works
Once installed, the malware scans the victim’s computer for sensitive information, including passwords and account details. It organizes the stolen data into a folder, compresses it into a zip file, and transmits it to a remote server. This server collects not only the stolen data but also system information such as the operating system’s build version. The malware is adept at harvesting credentials and data from a range of sources, including Telegram, banking details, and popular web browsers such as Google Chrome and Microsoft Edge.
6 ways you can stay safe from sneaky macOS malware
- Verify sources before downloading software: Always download software from trusted sources. Be wary of links sent via unsolicited messages or emails, particularly those urging immediate action.
- Be cautious of unexpected contact: If approached by unfamiliar contacts on messaging platforms, verify their identity before engaging in discussions or downloading anything.
- Enable two-factor authentication (2FA): Implement 2FA on sensitive accounts to add an extra layer of security against unauthorized access.
- Use strong and unique passwords: Employ complex passwords for different accounts and consider using a password manager to help manage them securely.
- Keep your software updated: Regularly update macOS and applications to benefit from the latest security patches and features.
- Invest in personal data removal services: Utilize services that help remove your personal information from public databases, reducing the risk of being targeted in future attacks.