CookieMiner is the latest Mac malware to be discovered. It’s highly targeted, using a clever technique to try to steal your cryptocurrency.
Discovered by security researchers from Palo Alto Networks’ Unit 42, it uses a two-fold attack method to obtain your login credentials and bypass two-factor authentication …
TNW reports that CookieMiner tries to grab passwords saved in Chrome, alongside authentication cookies.
Security researchers from Palo Alto Networks’ Unit 42 have identified a new cryptocurrency stealing malware. What has been dubbed as “CookieMiner,” specifically targets Mac users and the cookies related to their logon credentials for cryptocurrency exchanges like Coinbase, Binance, Poloniex, Bittrex and Bitstamp, and Ethereum blockchain service, MyEtherWallet […]
It also attempts to steal passwords saved in Chrome […] Having a person’s login credentials usually isn’t enough to gain access to their account if they have 2FA enabled. However, if the hacker has their authentication cookies too, they can use these to make the login attempt appear as if it’s connected to a previously verified session. If so, the website won’t ask for the login attempt to be authenticated.
Neither technique is new, but Unit 42’s deputy director of threat intelligence Jen Miller-Osborn says it is the focus of this one that distinguishes it from earlier malware.
“There are a lot of coinminers and other malware in the wild and targeting credentials or cookies stored in browsers is not new,” Miller-Osborn added. “Targeting all of these with apparent focus on gaining access to cryptocurrency exchanges and trying to avoid [multi-factor authentication] protections is newer.”
The malware has one other trick up its sleeve: even if it fails to get its hands on your own cryptocurrency, it installs software to use your Mac to mine more without your knowledge.
We would advise to never store financial credentials in your browser, and Unit 42 also recommends clearing your browser caches after logging in to financial accounts.
Back in October, it was discovered that CoinTicker, a Mac app that displays the current price of Bitcoin and other cryptocurrencies in your menu bar, installs backdoors on your Mac that can be exploited in a wide variety of ways.