macOS RedLine Stealer malware found on fake blockchain games

A malware hunter has disclosed that malicious software targeting macOS is being embedded in bogus blockchain-based games, which are used to lure victims.

The fake online gaming project goes by the name “PureLand,” which malware researcher iamdeadlyz said was a new iteration of the previously spotted “Pearl Land Metaverse.”

What iamdeadlyz had not seen before was a build of this particular gaming malware, which steals data from a target machine, that runs on macOS.

“As usual, they distribute RedLine Stealer malware,” the malware hunter said. “Though what caught my interest the most was their macOS build. It's new, so there’s no public intel about this… yet.”

Previously, iamdeadlyz had detected the following bogus gaming platforms used by PureLand as lures: Destruction, Evolion, Olymp of Reptiles, and Brawl Earth.

The researcher added: “Later on, I found similar fake projects named RyzeX, Dawn Land MetaWorld, and WildWorld. An old fake project that I've been monitoring since last year has also followed the same patterns.”

[Image: Dawn Land Metaverse, another fake project, according to a malware researcher.]

Victims are lured into running the malware by cybercriminals or their “workers,” who either message them directly or simply post an advertisement.

iamdeadlyz said closer inspection of the coding used by the attackers revealed thinly disguised Telegram monikers, including @MonkeyyDrainer.

“It’s a Telegram username,” said iamdeadlyz. “One can also peek at the page's source to see what's happening; this shows the comments in Russian, Dropbox links, and methods to notify the malicious actors.”

iamdeadlyz suspects that @MonkeyyDrainer could be an alternative criminal account to “Monkey Drainer,” which was used to drain cryptocurrency wallets, the kind frequently used by legitimate online gamers on the blockchain and often targeted by cyber-thieves. However, the researcher said it could just as easily be a copycat account paying ‘tribute’ to a fellow crook.

The RedLine Stealer malware was first spotted in 2020, according to another researcher, LogPoint, which describes it as “a powerful data collection tool, capable of extracting login credentials from a wide range of sources” including web browsers, email apps, and VPNs.

It can collect authentication cookies and card numbers stored in browsers, chat logs, local files, and cryptocurrency wallet databases, as well as target system data such as:

  • IP address
  • Physical location
  • Username
  • Operating system
  • Administrator privileges
  • Installed antivirus software
