Generally, Apple Macs have been known to be less susceptible to malware compared to their PC counterparts. According to a new report published by Unit 42 of Palo Alto Networks, an acutely dangerous form of malware has the ability to steal a user's cookies for their associated cryptocurrency exchanges and wallets, drain their assets, and install software to mine more cryptocurrencies, including Monero (XMR). As a result, the malware has been affectionately known as "CookieMiner."


As stated in the report, this malware is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites visited by the victims. It also steals saved passwords in Chrome. Finally, it seeks to steal iPhone text messages from iTunes backups on the tethered Mac. By leveraging the combination of stolen login credentials, web cookies, and SMS data, and based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites.


If successful, the attackers would have full access to the victim's exchange account and/or wallet and be able to use those funds as if they were the user themselves. The malware also configures the system to load coinmining software. This software is made to look like an XMRig-type coinminer, which is used to mine Monero. In fact, though, it loads a coinminer that mines Koto, a lesser-known cryptocurrency that is associated with Japan.


The report concludes by providing the following warning to users: "CookieMiner is intended to help threat actors generate profit by collecting credential information and mining cryptocurrency. If attackers have all the needed information for the authentication process, the multi-factor authentication may be defeated. Cryptocurrency owners should keep an eye on their security settings and digital assets to prevent compromise and leakage."


For more technical details on how "CookieMiner" operates, you can find the Unit 42 report here.