New Crypto Malware Targets Mac Users
A new threat to crypto users has been exposed as CookieMiner, a malware designed to steal web cookies and user passwords for cryptocurrency exchanges.
A Novel Attack Vector
Malware has been in the news a lot lately. For instance, it was revealed that four percent of all the Monero (XMR) that has been mined in the last decade was mined by malware bots. Crypto users have always been warned to be on the lookout for potential malware designed to steal their funds.
Now it seems another type of malware has been discovered, according to a January 31, 2019 report by Palo Alto Networks, a cybersecurity firm.
Stealing from the Digital Cookie Jar
The malware in question is an advanced form of OSX.DarthMiner called CookieMiner and is designed to target Mac users. It does so by going after passwords for the Google Chrome browser, Apple’s Safari browser, SMS messages sent via iMessage, and iTunes backups. The ultimate goal is to obtain users’ cryptocurrency exchange passwords, which are often stored in these places.
Besides this, having access to this information can help the hackers to bypass two-factor authentication steps set up by the user. This is because most of the authentication steps involve sending passwords to phone numbers and so on. Should the hackers be successful, they could steal funds from users’ wallets.
“If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves,” the report says.
Furthermore, the malware installs mining software on the victim’s device that is designed to resemble the XMRig miner, which mines Monero.
The most important part of breaking into user accounts is the theft of web cookies from both the users’ system and cryptocurrency exchanges. Without the stolen cookies, the exchange might alert the user should their passwords be used in an irregular manner. With the stolen cookies, however, no such warning is given, and the user might not find out until their funds are stolen.
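The gap described above can be seen from the exchange's side in a simplified model. This is an added example, not code from the report or from any exchange; the `Exchange` class, the client attributes (IP prefix, user agent) and all sample values are constructed assumptions. It shows a password login from a new client raising an alert, a replayed session cookie raising none, and a session bound to its issuing client closing that gap.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Client:
    """Constructed request context: where a request comes from."""
    ip_prefix: str
    user_agent: str

OWNER = Client("203.0.113", "Safari/macOS")   # constructed sample values
OTHER = Client("198.51.100", "Chrome/Linux")  # a client never seen before

class Exchange:
    """Hypothetical exchange-side model, not any real exchange's logic."""
    def __init__(self, bind_sessions):
        self.bind_sessions = bind_sessions
        self.known_clients = {}  # user -> clients seen at password login
        self.sessions = {}       # cookie value -> (user, issuing client)
        self.alerts = []         # notifications sent to the account owner

    def login(self, user, client, cookie):
        seen = self.known_clients.setdefault(user, set())
        if seen and client not in seen:
            self.alerts.append((user, "password login from new client"))
        seen.add(client)
        self.sessions[cookie] = (user, client)

    def request(self, cookie, client):
        if cookie not in self.sessions:
            return "rejected"
        user, issued_to = self.sessions[cookie]
        if self.bind_sessions and client != issued_to:
            # Hardened path: the cookie left the client it was issued to.
            del self.sessions[cookie]
            self.alerts.append((user, "session cookie used from new client"))
            return "reauthenticate"
        return "ok"  # a valid cookie counts as already authenticated

def replay_cookie(bind_sessions):
    """Cookie issued to OWNER is presented by OTHER: (result, alerts)."""
    ex = Exchange(bind_sessions)
    ex.login("alice", OWNER, "sess-constructed-1")
    return ex.request("sess-constructed-1", OTHER), list(ex.alerts)

def reuse_password():
    """Password used from OTHER after OWNER is known: alerts raised."""
    ex = Exchange(bind_sessions=False)
    ex.login("alice", OWNER, "sess-constructed-1")
    ex.login("alice", OTHER, "sess-constructed-2")
    return list(ex.alerts)
```

Binding on network and browser attributes alone produces false positives for users who roam between networks, so the mismatch is treated here as a prompt to reauthenticate rather than a hard block.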
Unit 42, the global security arm of Palo Alto Networks, has issued a warning to users to avoid falling victim to the CookieMiner malware by being very careful about their security settings on their devices and also on cryptocurrency exchanges.
“Cryptocurrency owners should keep an eye on their security settings and digital assets to prevent compromise and leakage,” they said.