Mac users need to beware of a newly discovered piece of malware that steals their web browser cookies and credentials in an attempt to withdraw funds from their cryptocurrency exchange accounts.
Dubbed CookieMiner due to its capability of stealing cookies related to cryptocurrency exchanges, the malware has been designed specifically to target Mac users and is believed to be based on DarthMiner, another Mac malware that was detected in December last year.
Uncovered by Palo Alto Networks’ Unit 42 security research team, CookieMiner also covertly installs coin mining software onto the infected Mac machines to secretly mine for additional cryptocurrency by consuming the targeted Mac’s system resources.
In the case of CookieMiner, the software is apparently geared toward mining “Koto,” a lesser-known, privacy-oriented cryptocurrency which is mostly used in Japan.
However, the most interesting capability of the new Mac malware is stealing:
- Both Google Chrome and Apple Safari browser cookies associated with popular cryptocurrency exchanges and wallet service websites.
- Usernames, passwords and credit card information saved in the Chrome web browser.
- Cryptocurrency wallet data and keys.
- Victims' iPhone text messages stored in iTunes backups.
As for the targeted cryptocurrency exchanges and wallet services, CookieMiner was found targeting Binance, Coinbase, Poloniex, Bittrex, Bitstamp, MyEtherWallet, and any website that has “blockchain” in its domain and uses cookies to track its users temporarily.