CookieMiner Malware for Mac Steals Cookies, Passwords and SMS Messages to Get at Cryptocurrency: Report

Advertisement
By Jamshed Avari | Updated: 1 February 2019 17:09 IST
Highlights
  • By stealing cookies and text messages, 2FA security could be bypassed
  • The malware also tries mining the obscure Koto cryptocurrency
  • No information about how this malware spreads has been published

A new malware threat that steals cryptocurrency on Macs and then uses their resources to mine for more has been identified by security research firm Palo Alto Networks. The threat, which has been named CookieMiner, intercepts browser cookies set by popular cryptocurrency exchanges and wallets, and can also steal passwords stored by Google Chrome. It can even go through iPhone backup files saved on a Mac and scan through a user's text messages. Unit 42, the threat intelligence division of Palo Alto Networks which discovered the threat, believes that this could help the malware authors bypass a user's two-factor security protections.

CookieMiner is believed to be based on a known malware called OSX.DarthMiner, which was documented by MalwareBytes in December 2018. Attackers who gain access to a user's Chrome passwords, cookies and text messages could simply log in to their victims' cryptocurrency wallets or exchanges and transfer all the money to themselves.

Advertisement

Browser cookies can potentially be used to trick a Web service into thinking it is being accessed from a previously trusted device, in theory reducing the likelihood that a second authentication factor will be asked for.

To add insult to injury, the CookieMiner malware also starts mining new cryptocurrency for the attackers using the resources of infected Macs. According to Unit 42's blog post detailing the threat, the miner tries generating a niche privacy-focused cryptocurrency called Koto that is used in Japan. Interestingly, Unit 42's research suggests that the malware authors tried to cover up this fact and appear as though they want to mine the more popular Monero cryptocurrency.

While CookieMiner can steal passwords (and saved credit card information) only from Google Chrome, it can also access cookies stored by Apple's Safari browser. It drops a backdoor known as EmPyre on infected Macs to allow the attackers to maintain control remotely. When mining the Koto cryptocurrency, it uses an algorithm targeted more at a computer's CPU than its GPU, as relatively few infected Macs are likely to have powerful discrete GPUs.

The blog post disclosing this discovery does not point to where or how the CookieMiner malware might have originated, how widespread it is, or how it infects new Macs. Anyone dealing with cryptocurrency or other sensitive financial information should take precautions such as not relying on automatic password vaults and running periodic malware checks.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement
Popular Mobile Brands
  1. Amazon Prime Day 2026: Best Deals on Redmi and Xiaomi Smartphones
  2. Amazon Prime Day Laptop Deals: Best Discounts on HP, Asus, Lenovo and More
  3. iPhone 18 May Receive RAM Boost to Handle Apple Intelligence Better
  4. Best Gaming Laptops Under Rs. 80,000 in India
  5. Amazon Prime Day 2026: Best Deals on Fire TV Stick and Streaming Devices
  6. Everything We Know About the Nothing Phone 4b
  1. Xiaomi 18 Pro Max Camera, Display, Battery Details Tipped; May Get 8,500mAh Battery, 200-Megapixel Cameras
  2. iPhone 18, iPhone 18e Tipped to Get 9GB RAM Upgrade for Apple Intelligence; Pro Models May Stick With 12GB
  3. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  4. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  5. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  6. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  7. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  8. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  9. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  10. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.