CookieMiner Malware for Mac Steals Cookies, Passwords and SMS Messages to Get at Cryptocurrency: Report

Advertisement
By Jamshed Avari | Updated: 1 February 2019 17:09 IST
Highlights
  • By stealing cookies and text messages, 2FA security could be bypassed
  • The malware also tries mining the obscure Koto cryptocurrency
  • No information about how this malware spreads has been published
CookieMiner Malware for Mac Steals Cookies, Passwords and SMS Messages to Get at Cryptocurrency: Report

A new malware threat that steals cryptocurrency on Macs and then uses their resources to mine for more has been identified by security research firm Palo Alto Networks. The threat, which has been named CookieMiner, intercepts browser cookies set by popular cryptocurrency exchanges and wallets, and can also steal passwords stored by Google Chrome. It can even go through iPhone backup files saved on a Mac and scan through a user's text messages. Unit 42, the threat intelligence division of Palo Alto Networks which discovered the threat, believes that this could help the malware authors bypass a user's two-factor security protections.

CookieMiner is believed to be based on a known malware called OSX.DarthMiner, which was documented by MalwareBytes in December 2018. Attackers who gain access to a user's Chrome passwords, cookies and text messages could simply log in to their victims' cryptocurrency wallets or exchanges and transfer all the money to themselves.

Browser cookies can potentially be used to trick a Web service into thinking it is being accessed from a previously trusted device, in theory reducing the likelihood that a second authentication factor will be asked for.

To add insult to injury, the CookieMiner malware also starts mining new cryptocurrency for the attackers using the resources of infected Macs. According to Unit 42's blog post detailing the threat, the miner tries generating a niche privacy-focused cryptocurrency called Koto that is used in Japan. Interestingly, Unit 42's research suggests that the malware authors tried to cover up this fact and appear as though they want to mine the more popular Monero cryptocurrency.

Advertisement

While CookieMiner can steal passwords (and saved credit card information) only from Google Chrome, it can also access cookies stored by Apple's Safari browser. It drops a backdoor known as EmPyre on infected Macs to allow the attackers to maintain control remotely. When mining the Koto cryptocurrency, it uses an algorithm targeted more at a computer's CPU than its GPU, as relatively few infected Macs are likely to have powerful discrete GPUs.

The blog post disclosing this discovery does not point to where or how the CookieMiner malware might have originated, how widespread it is, or how it infects new Macs. Anyone dealing with cryptocurrency or other sensitive financial information should take precautions such as not relying on automatic password vaults and running periodic malware checks.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement
Popular Mobile Brands
  1. OnePlus 13s Launched in India: Know Price, Specifications and More
  2. OnePlus Pad 3 With 12,140mAh Battery Launched in India: Check Features
  3. Best Smartphones Under Rs 25,000 in India: Check List
  4. Samsung Galaxy Z Fold 7, Z Flip 7 May Be Unveiled at New York Unpacked Event
  5. Redmi Pad 2 With 9,000mAh Battery Launched in Global Markets: See Price
  6. Tecno Pova Curve 5G First Sale Starts Today in India: See Offers
  7. Stolen Now Streaming on Amazon Prime Video: What You Need to Know
  8. Oppo Teases Launch of New Smartphone in India; Could Be Reno 14
  9. Bazooka OTT Release Reportedly Revealed Online: What You Need to Know
  10. You Can Now Ask Gemini 2.5 Pro Double the Queries With Google AI Pro Plan
  1. Hugging Face Releases SmolVLA Open Source AI Model For Robotics Workflows
  2. Redmi Pad 2 With 9,000mAh Battery, MediaTek Helio G100 Ultra Chip Launched: Price, Specifications
  3. Alphabet CEO Expects to Keep Hiring Engineers as AI Advances
  4. Amazon Said to Be Preparing to Test Humanoid Robots for Deliveries
  5. Google Doubles Gemini 2.5 Pro Rate Limit for Google AI Pro Subscribers
  6. Apple Said to Have Given iPhone Repair Business to Tata India as Partnership Expands
  7. Huawei Pura 80 Pro, Pura 80 Pro+ Design Teased; Pre-Reservation Begin
  8. Mistral Code AI-Powered Coding Assistant Introduced for Enterprise Developers
  9. Nothing Headphone 1 Launch Date Set for July 1, to Arrive Alongside Nothing Phone 3
  10. Ethereum Foundation Announces Overhauled Treasury Strategy Amid Scaling Push
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.