• Home
  • Internet
  • Internet News
  • CookieMiner Malware for Mac Steals Cookies, Passwords and SMS Messages to Get at Cryptocurrency: Report

CookieMiner Malware for Mac Steals Cookies, Passwords and SMS Messages to Get at Cryptocurrency: Report

Share on Facebook Tweet Share Reddit Comment
CookieMiner Malware for Mac Steals Cookies, Passwords and SMS Messages to Get at Cryptocurrency: Report
Highlights
  • By stealing cookies and text messages, 2FA security could be bypassed
  • The malware also tries mining the obscure Koto cryptocurrency
  • No information about how this malware spreads has been published

A new malware threat that steals cryptocurrency on Macs and then uses their resources to mine for more has been identified by security research firm Palo Alto Networks. The threat, which has been named CookieMiner, intercepts browser cookies set by popular cryptocurrency exchanges and wallets, and can also steal passwords stored by Google Chrome. It can even go through iPhone backup files saved on a Mac and scan through a user's text messages. Unit 42, the threat intelligence division of Palo Alto Networks which discovered the threat, believes that this could help the malware authors bypass a user's two-factor security protections.

CookieMiner is believed to be based on a known malware called OSX.DarthMiner, which was documented by MalwareBytes in December 2018. Attackers who gain access to a user's Chrome passwords, cookies and text messages could simply log in to their victims' cryptocurrency wallets or exchanges and transfer all the money to themselves.

Browser cookies can potentially be used to trick a Web service into thinking it is being accessed from a previously trusted device, in theory reducing the likelihood that a second authentication factor will be asked for.

To add insult to injury, the CookieMiner malware also starts mining new cryptocurrency for the attackers using the resources of infected Macs. According to Unit 42's blog post detailing the threat, the miner tries generating a niche privacy-focused cryptocurrency called Koto that is used in Japan. Interestingly, Unit 42's research suggests that the malware authors tried to cover up this fact and appear as though they want to mine the more popular Monero cryptocurrency.

While CookieMiner can steal passwords (and saved credit card information) only from Google Chrome, it can also access cookies stored by Apple's Safari browser. It drops a backdoor known as EmPyre on infected Macs to allow the attackers to maintain control remotely. When mining the Koto cryptocurrency, it uses an algorithm targeted more at a computer's CPU than its GPU, as relatively few infected Macs are likely to have powerful discrete GPUs.

The blog post disclosing this discovery does not point to where or how the CookieMiner malware might have originated, how widespread it is, or how it infects new Macs. Anyone dealing with cryptocurrency or other sensitive financial information should take precautions such as not relying on automatic password vaults and running periodic malware checks.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Jamshed Avari

Jamshed Avari has been working in tech journalism as a writer, editor and reviewer for over 13 years. He has reviewed hundreds of products ranging from smartphones and tablets to PC components and accessories, and has also written guides, feature articles, news and analyses. Going beyond simple ratings and specifications, he digs deep into how emerging products and services affect actual users, and what marks they leave on our cultural landscape. He's happiest when something new comes ...More

Sony Sees Profit Soar on Games, Music Growth
Facebook Gets Native Resolution Support for iPhone XR, iPhone XS Max, 2018 iPad Pro
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.