CookieMiner Malware for Mac Steals Cookies, Passwords and SMS Messages to Get at Cryptocurrency: Report

By Jamshed Avari | Updated: 1 February 2019 17:09 IST
Highlights
  • By stealing cookies and text messages, 2FA security could be bypassed
  • The malware also tries mining the obscure Koto cryptocurrency
  • No information about how this malware spreads has been published

A new malware threat that steals cryptocurrency on Macs and then uses their resources to mine for more has been identified by security research firm Palo Alto Networks. The threat, which has been named CookieMiner, intercepts browser cookies set by popular cryptocurrency exchanges and wallets, and can also steal passwords stored by Google Chrome. It can even go through iPhone backup files saved on a Mac and scan through a user's text messages. Unit 42, the threat intelligence division of Palo Alto Networks which discovered the threat, believes that this could help the malware authors bypass a user's two-factor security protections.

CookieMiner is believed to be based on a known malware called OSX.DarthMiner, which was documented by Malwarebytes in December 2018. Attackers who gain access to a user's Chrome passwords, cookies and text messages could simply log in to their victims' cryptocurrency wallets or exchanges and transfer all the money to themselves.

Browser cookies can potentially be used to trick a Web service into thinking it is being accessed from a previously trusted device, in theory reducing the likelihood that a second authentication factor will be asked for.

To add insult to injury, the CookieMiner malware also starts mining new cryptocurrency for the attackers using the resources of infected Macs. According to Unit 42's blog post detailing the threat, the miner tries generating a niche privacy-focused cryptocurrency called Koto that is used in Japan. Interestingly, Unit 42's research suggests that the malware authors tried to cover up this fact and make it appear as though they were mining the more popular Monero cryptocurrency.


While CookieMiner can steal passwords (and saved credit card information) only from Google Chrome, it can also access cookies stored by Apple's Safari browser. It drops a backdoor known as EmPyre on infected Macs to allow the attackers to maintain control remotely. When mining the Koto cryptocurrency, it uses an algorithm targeted more at a computer's CPU than its GPU, as relatively few infected Macs are likely to have powerful discrete GPUs.

The blog post disclosing this discovery does not point to where or how the CookieMiner malware might have originated, how widespread it is, or how it infects new Macs. Anyone dealing with cryptocurrency or other sensitive financial information should take precautions such as not relying on automatic password vaults and running periodic malware checks.

 
