Researchers Find New Mac “CookieMiner” Malware Stealing Cryptocurrency Trading Access & More

People checking their balances on cryptocurrency exchanges and financial accounts are being warned to delete all cookies from their browsers after they log out.

According to cybersecurity researchers at Palo Alto Networks, in findings first reported by Fortune, a new cookie-based cryptomining malware called “CookieMiner” is circulating and is designed to steal passwords, credit card info and personal data.

Palo Alto Networks went public with its findings Thursday. Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks and its Unit 42 research team, has urged Mac users never to store personal information like usernames and passwords in browsers.

Miller-Osborn also advised that people should clear cookies, “especially when visiting financial accounts.”

Though malware has typically been directed at Windows users in the past, Apple-focused malware appears to be on the rise. The malware also seeks to steal iPhone text messages from iTunes backups.

The new “CookieMiner” malware identified by Palo Alto appears to be a version of OSX.DarthMiner malware discovered by Malwarebytes in December.

Both types of malware are designed to surreptitiously use the targeted system to mine crypto for the benefit of the attacker.

Crypto-mining malware infections can run down a computer and increase the owner’s electricity costs.

According to Palo Alto, CookieMiner reportedly causes infected systems to “mine Koto, a lesser-known cryptocurrency that is associated with Japan.”

But CookieMiner also reportedly allows hackers to steal cookies out of victims’ Apple Safari and Google Chrome browsers, including the cookies used by crypto exchanges (e.g., Coinbase and Binance) to collect data on users visiting the exchange.

CookieMiner can also collect usernames, passwords and financial info saved in Chrome browsers.

This new double-dipping malware, therefore, has the potential to be much more profitable than standard cryptomining malware.

What is unclear currently is where the malware is being picked up. Palo Alto reportedly does not know which “shady apps” are to blame.

According to Malwarebytes, OSX.DarthMiner malware was found in fake apps disguised to look like they were issued by Adobe, the makers of Photoshop.

Malwarebytes advises that all people avoid downloading pirated software, a common source of computer virus and malware infection.
