There is a new malware targeting the Mac platform that can enable attackers to steal browser cookies or login credentials for cryptocurrency exchanges and wallet service websites, researchers said.
In addition, the malware can also purloin saved passwords in Chrome, and it attempts to steal iPhone text messages from iTunes backups on a Mac, said researchers at Palo Alto Networks’ Unit 42.
The malware is derived from OSX.DarthMiner, a malware known to target the Mac platform, said Palo Alto researchers Yue Chen, Cong Zheng, Wenjun Hu, and Zhi Xu in a post.
Based on similar past attacks, Unit 42 researchers said that by combining stolen login credentials, web cookies, and SMS (text message) data, an attacker could bypass multi-factor authentication on these sites. If so, there is no need to write time-consuming code to break in.
If successful, attackers would have full access to the victim’s cryptocurrency exchange account and/or wallet and be able to use those funds as if they were the user themselves.
The malware also configures the system to load coin-mining software. This software is made to look like an XMRIG-type coinminer, which is used to mine the cryptocurrency Monero. In fact, it loads a coinminer that mines Koto, a lesser-known cryptocurrency associated with Japan.
Because of the way it attacks the cookies associated with exchanges, the Palo Alto Networks researchers have named this malware CookieMiner.
Web cookies are widely used for authentication. Once a user logs into a website, cookies are stored so the web server knows the individual’s login status. If the cookies are stolen, an attacker could potentially sign into the website and use the victim’s account. Stealing cookies is an important step in bypassing login anomaly detection.
CookieMiner’s capabilities allow it to:
• Steal Google Chrome and Apple Safari browser cookies from the victim’s machine
• Steal saved usernames and passwords in Chrome
• Steal saved credit card credentials in Chrome
• Steal iPhone text messages if they are backed up to the Mac
• Steal cryptocurrency wallet data and keys
• Keep full control of the victim’s machine using the EmPyre backdoor
• Mine cryptocurrency on the victim’s machine
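As an added example from a defender’s perspective (this is not code from the Unit 42 post), the following Python heuristic flags non-browser processes reading the cookie, saved-password, and iPhone-backup stores listed above; the store paths and the expected-reader names are assumptions about default macOS layouts, not values from the article, and the sample events are constructed.

```python
import fnmatch

# Assumed default macOS locations of the stores the article says CookieMiner
# harvests; these paths are assumptions, not values from the Unit 42 write-up.
SENSITIVE_STORES = {
    "chrome_cookies": "*/Library/Application Support/Google/Chrome/*/Cookies",
    "chrome_logins": "*/Library/Application Support/Google/Chrome/*/Login Data",
    "safari_cookies": "*/Library/Cookies/Cookies.binarycookies",
    "iphone_backup": "*/Library/Application Support/MobileSync/Backup/*",
}

# Processes expected to open each store: an assumed allowlist to tune per fleet.
EXPECTED_READERS = {
    "chrome_cookies": {"Google Chrome", "Google Chrome Helper"},
    "chrome_logins": {"Google Chrome", "Google Chrome Helper"},
    "safari_cookies": {"Safari"},
    "iphone_backup": {"Finder", "iTunes", "AppleMobileBackup"},
}

def classify_path(path):
    """Return the store name a path belongs to, or None if it is not sensitive."""
    for store, pattern in SENSITIVE_STORES.items():
        if fnmatch.fnmatchcase(path, pattern):
            return store
    return None

def flag_events(events):
    """Return one alert per read of a sensitive store by a process outside the
    allowlist. Each event is a dict with keys: process, path, access."""
    alerts = []
    for ev in events:
        store = classify_path(ev["path"])
        if store is None or ev.get("access") != "read":
            continue
        if ev["process"] not in EXPECTED_READERS[store]:
            alerts.append({"store": store, "process": ev["process"], "path": ev["path"]})
    return alerts

# Constructed sample telemetry (not real events) so the block runs stand-alone.
HOME = "/Users/alice/Library/"
SAMPLE_EVENTS = [
    {"process": "Google Chrome", "access": "read", "path": HOME + "Application Support/Google/Chrome/Default/Cookies"},
    {"process": "python3", "access": "read", "path": HOME + "Application Support/Google/Chrome/Default/Cookies"},
    {"process": "sh", "access": "read", "path": HOME + "Application Support/MobileSync/Backup/abc123/Manifest.db"},
    {"process": "Safari", "access": "read", "path": HOME + "Cookies/Cookies.binarycookies"},
]

if __name__ == "__main__":
    for alert in flag_events(SAMPLE_EVENTS):
        print(f"ALERT: {alert['process']} read {alert['store']} at {alert['path']}")
```

In a real deployment the events would come from file-access telemetry (for example an EDR or endpoint audit feed), and the allowlist would need tuning for legitimate backup and sync tools in your environment.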
Researchers said cryptocurrency owners should keep an eye on their security settings and digital assets to prevent compromise and leakage.