Researchers at Palo Alto Networks have identified a new strain of Mac malware that steals browser cookies and other data from infected Macs and uses it to steal cryptocurrency.
The malware, dubbed CookieMiner, harvests browser cookies associated with cryptocurrency exchanges and wallet-service websites the victim has previously visited. According to the researchers, the campaign targets popular exchanges and services including Binance, Coinbase, Bittrex, Poloniex, Bitstamp, and MyEtherWallet.
Any website having “blockchain” in its domain name is also targeted.
More about CookieMiner
The researchers who discovered the threat believe CookieMiner was developed from OSX.DarthMiner, a known malware family that targets the Mac platform.
In addition to targeting the exchanges listed above, the malware also attempts to steal saved credit card data for the major card brands Visa, Mastercard, American Express and Discover, saved usernames and passwords in Chrome, iPhone text messages that have been backed up to iTunes on the Mac, and cryptocurrency wallet keys.
“By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites,” the researchers noted.
If the theft succeeds, the attacker holds everything needed to take over the victim's exchange and wallet accounts and, ultimately, to drain their funds.
As the report explains, CookieMiner's route past the authentication process is the combination: an exchange that has already validated a password and a second factor leaves a session cookie behind, so a stolen cookie can be replayed to skip both checks, while the stolen login credentials and text messages cover the cases where a site asks the user to authenticate again.
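The mechanism described above, as an added illustration that is not code from the Palo Alto report or from any real exchange: a toy exchange backend issues a session cookie after a password plus one-time code, the cookie is "exfiltrated" and replayed from a different machine, and the outcome is compared with and without two server-side controls (binding the session to the device that completed MFA, and requiring a fresh second factor for withdrawals). All account names, secrets, device identifiers and the simplified one-time-code function are constructed for the example.

```python
"""Toy model of why a stolen session cookie defeats MFA, and two mitigations.
Constructed example; the exchange, user, secrets and device ids are made up."""
import hashlib
import hmac
import secrets


def totp(seed: bytes, step: int) -> str:
    """Stand-in one-time code: HMAC of a 30-second time step (not RFC 6238 exact)."""
    return hmac.new(seed, str(step).encode(), hashlib.sha256).hexdigest()[:6]


class ToyExchange:
    """Minimal exchange backend. With both flags off, a replayed cookie is enough
    to move funds; `bind_device` and `step_up` switch on the hardening."""

    def __init__(self, bind_device: bool = False, step_up: bool = False):
        self.bind_device = bind_device
        self.step_up = step_up
        # Constructed test account: password, OTP seed and balance are fake.
        self.users = {"alice": {"pw": "correct horse", "seed": b"alice-seed", "balance": 5.0}}
        self.sessions = {}  # cookie value -> {"user", "device"}

    def login(self, user, pw, code, device_id, now):
        """Password + one-time code. On success returns a session cookie value."""
        u = self.users.get(user)
        if u is None or not hmac.compare_digest(u["pw"], pw):
            return None
        if not hmac.compare_digest(totp(u["seed"], int(now // 30)), code):
            return None
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = {"user": user, "device": device_id}
        return cookie

    def withdraw(self, cookie, device_id, amount, now, code=None):
        """Sensitive action. Returns (ok, reason)."""
        s = self.sessions.get(cookie)
        if s is None:
            return False, "no session"
        if self.bind_device and not hmac.compare_digest(s["device"], device_id):
            return False, "cookie presented from a different device"
        u = self.users[s["user"]]
        if self.step_up:
            # Re-check the second factor for the sensitive action, cookie or not.
            if code is None or not hmac.compare_digest(totp(u["seed"], int(now // 30)), code):
                return False, "fresh second factor required"
        if amount > u["balance"]:
            return False, "insufficient funds"
        u["balance"] -= amount
        return True, "ok"


def simulate_replay(bind_device: bool, step_up: bool):
    """Victim logs in with password + OTP on her Mac; the cookie is then replayed
    ten minutes later from the attacker's machine with no second factor."""
    now = 1_700_000_000.0
    ex = ToyExchange(bind_device, step_up)
    code = totp(ex.users["alice"]["seed"], int(now // 30))
    cookie = ex.login("alice", "correct horse", code, "victim-macbook", now)
    assert cookie is not None
    stolen = cookie  # what a cookie stealer carries off from the browser profile
    return ex.withdraw(stolen, "attacker-box", 5.0, now + 600)


if __name__ == "__main__":
    for flags in ((False, False), (True, False), (False, True), (True, True)):
        print(flags, simulate_replay(*flags))
```

With neither control the replay succeeds: the server has no way to tell the stolen cookie from the victim's own browser. Note the caveat that applies to the page's campaign: a step-up code delivered by SMS is exactly what the text-message theft described above is aimed at, and a plain device identifier string can be exfiltrated by malware on the host just as the cookie was, so in practice the device binding should rest on something that cannot be copied off the machine, such as a hardware-bound key.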
In short, the malicious activities performed by CookieMiner are the following:
– Steals Google Chrome and Apple Safari browser cookies from the victim’s machine
– Steals saved usernames and passwords in Chrome
– Steals saved credit card credentials in Chrome
– Steals iPhone’s text messages if backed up to Mac
– Steals cryptocurrency wallet data and keys
– Maintains control of the victim's machine through the EmPyre backdoor
– Mines cryptocurrency on the victim’s machine