Mac users are under attack from a recently discovered piece of Mac malware that aims to steal the contents of cryptocurrency wallets.
The researchers who discovered the malicious program, at Palo Alto Networks, named it CookieMiner, mostly because of its ability to steal browser cookies associated with the cryptocurrency exchanges and wallet service websites visited by those infected by the malware.
In addition to hijacking and trading the contents of a cryptocurrency wallet, CookieMiner installs a cryptojacker on the infected OS X machine, allowing the attackers to secretly mine even more cryptocurrency.
It is currently unknown how the newly discovered malware gains access to systems, but once it does, CookieMiner examines the user's browser cookies for entries tied to cryptocurrency exchanges and websites that refer to the blockchain. Exchanges known to be on its target list include Binance, Bittrex, Bitstamp, Coinbase, Poloniex, and MyEtherWallet.
Using a shell script, CookieMiner steals Google Chrome and Apple Safari browser cookies from the victim's computer and uploads them to a folder on a remote server. With these, the attackers can extract the required login credentials and the cookies needed to make a new login attempt appear to come from the system the victim normally uses, thereby avoiding the suspicious-login triggers a service would otherwise raise.
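The defensive counterpart to the cookie replay described above is for the service to bind a session cookie to the client attributes it was issued to, so that a stolen cookie presented from a different host trips an alert rather than passing silently. The following is an added example, not code from the article or from Palo Alto Networks; the `SessionTracker` class, the request fields and the sample log entries are all constructed for illustration.

```python
"""Session-binding check that flags replay of a stolen session cookie.

Assumes (hypothetically) that the service logs, per request, the session
cookie id, the client IP address and the User-Agent header.
"""
from dataclasses import dataclass, field


@dataclass
class SessionRecord:
    ip: str
    user_agent: str
    alerts: list = field(default_factory=list)


class SessionTracker:
    def __init__(self):
        self.sessions = {}  # cookie id -> SessionRecord seen at first use

    def observe(self, cookie_id, ip, user_agent):
        """Record a request; return an alert string if the cookie is
        presented from a client that differs from the one it was bound to."""
        rec = self.sessions.get(cookie_id)
        if rec is None:
            self.sessions[cookie_id] = SessionRecord(ip, user_agent)
            return None
        reasons = []
        # An IP change is the stronger signal; a User-Agent string is easy
        # to copy along with the cookie, so treat it as corroboration only.
        if rec.ip != ip:
            reasons.append(f"ip {rec.ip}->{ip}")
        if rec.user_agent != user_agent:
            reasons.append("user-agent changed")
        if not reasons:
            return None
        alert = f"cookie {cookie_id} reused: " + ", ".join(reasons)
        rec.alerts.append(alert)
        return alert


# Constructed sample log: (cookie id, client IP, User-Agent). The third
# entry replays sess-A1 from a different address, as a thief would.
SAMPLE_REQUESTS = [
    ("sess-A1", "203.0.113.10", "Safari/605"),
    ("sess-A1", "203.0.113.10", "Safari/605"),
    ("sess-A1", "198.51.100.7", "Safari/605"),
    ("sess-B2", "192.0.2.5", "Chrome/71"),
]


def scan(requests):
    """Run every request through one tracker and collect the alerts."""
    tracker = SessionTracker()
    return [a for a in (tracker.observe(*r) for r in requests) if a]
```

Mobile users legitimately change addresses, so an alert here is a reason to step up verification (re-authenticate, re-prompt for the second factor), not proof of theft on its own.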
Another problem for anyone targeted by CookieMiner is that if they use iTunes to sync their Mac with their iPhone, the malware gains access to their text messages. This potentially allows the attackers to hijack login codes and other messages, which can then be abused to bypass any two-factor authentication the user has applied to their cryptocurrency accounts.
Once the attackers have gained access to the crypto wallets, they hold the same privileges as the user, which they then use to steal the contents of the wallet. It's also possible that the attackers could game the system, trading large amounts of cryptocurrency in an effort to boost valuations for their own gain.
Because the researchers believe this criminal campaign is still ongoing, they are advising every cryptocurrency owner to keep an eye on their security settings and digital assets in order to prevent any compromise or leakage.