A new strain of Mac malware has been detected that steals the credentials needed to access victims' cryptocurrency and then puts the same machines to work mining more. It was identified by security research firm Palo Alto Networks. Named “CookieMiner”, the threat intercepts browser cookies set by popular cryptocurrency exchanges and wallets and can also steal passwords saved in Google Chrome. It can even go through an iPhone backup file saved on the Mac and scan the user’s text messages. Unit 42, the threat intelligence division of Palo Alto Networks, discovered the threat and believes this stolen data would help the malware's authors bypass users’ two-factor authentication.
“CookieMiner” may be based on a known piece of malware called OSX.DarthMiner, which was documented by Malwarebytes in December 2018. With a victim's Chrome passwords, cookies and text messages in hand, attackers can simply log in to the victim’s cryptocurrency wallets or exchanges and transfer all of the funds to themselves.
Browser cookies can be used to make a web service believe it is being accessed from a device it has previously trusted, so that the second authentication factor it would otherwise ask for is never requested. A session or “remember this device” cookie stolen from a victim’s Mac can therefore be replayed by the attacker alongside the stolen password.
CookieMiner can also put the resources of infected Macs to work mining new cryptocurrency for the attackers. Unit 42’s blog post detailing the threat says the miner tries to generate Koto, a niche privacy-focused cryptocurrency used in Japan, and suggests the malware’s authors tried to disguise this.
CookieMiner can also steal passwords (and saved credit card details) from Google Chrome and read cookies stored by Apple’s Safari browser. It drops a backdoor known as EmPyre on infected Macs, which lets the attackers keep remote control of them. To mine Koto, the miner uses an algorithm that targets the computer’s CPU rather than its GPU.