01 Feb 2019

New macOS malware has been discovered that aims to steal the contents of cryptocurrency wallets. It has been named CookieMiner because of its ability to steal browser cookies associated with cryptocurrency exchanges and wallet service websites the victim has visited.

The malware was discovered by researchers at Palo Alto Networks. Besides stealing and exchanging the contents of a cryptocurrency wallet, CookieMiner installs a cryptojacker on the infected OSX machine, which lets the attackers secretly mine additional digital currency. The currency mined, Koto, offers its users anonymity and is mostly used in Japan.

How the malware gets onto the system is still not known. After gaining access, CookieMiner checks the browser cookies for links to cryptocurrency exchanges and websites that reference blockchain. Some of the exchanges targeted include Binance, Coinbase, Poloniex, Bittrex, Bitstamp, and MyEtherWallet.

Using a shell script, the malware steals the Google Chrome and Apple Safari browser cookies from the victim's machine and uploads them to a folder on a remote server. With the stolen login credentials and cookies, the attackers can log in so that the service believes the new login attempt is coming from the same machine the victim previously used, and the attempt is therefore not flagged as suspicious.

CookieMiner does not target the victim's Mac alone: if the victim has used iTunes to sync their Mac with their iPhone, the malware can also read their text messages. This lets the attackers steal login passcodes and other messages that can be used to bypass any two-factor authentication the user has enabled on their cryptocurrency accounts.

Once the attackers log in to the wallet, they can do anything the user can do, and they use this access to steal the wallet's contents. They can also trade, buying or selling the cryptocurrency for large profits.

After draining the wallet, they also install a cryptocurrency miner that is very active and ranks as the top miner for Koto.

CookieMiner also installs a script for persistence and remote control; the attackers use it to check on infected machines and send them commands, all of which relate to mining.

All these cryptocurrency attacks show that the attackers are active, and cryptocurrency owners are advised to remain vigilant about their security settings and digital assets to prevent compromise and leakage.