Security researchers at Palo Alto Networks have discovered a new malware threat that targets Macs in what appears to be a sophisticated attempt to raid cryptocurrency wallets. The malware, which researchers have dubbed CookieMiner, has a variety of weapons in its armory that could make it particularly worrisome for cryptocurrency investors.

According to security analysts Yue Chen, Cong Zheng, Wenjun Hu and Zhi Xu, the macOS-based malware can steal browser cookies from users’ Google Chrome and Apple Safari browsers. Specifically, cookies associated with the following cryptocurrency exchanges are targeted:

  • Binance
  • Bitstamp
  • Bittrex
  • Coinbase
  • MyEtherWallet
  • Poloniex
  • Any website with “blockchain” in its domain name (for instance, blockchain.com)

The cookies are grabbed from the infected user’s browser, zipped up and then uploaded to a remote server under the control of the criminals.

The researchers explain that these cookies are most likely being stolen to help the attackers break into the victims' exchange accounts:

Web cookies are widely used for authentication. Once a user logs into a website, its cookies are stored for the web server to know the login status. If the cookies are stolen, the attacker could potentially sign into the website to use the victim’s account. Stealing cookies is an important step to bypass login anomaly detection. If only the username and password are stolen and used by a bad actor, the website may issue an alert or request additional authentication for a new login. However, if an authentication cookie is also provided along with the username and password, the website might believe the session is associated with a previously authenticated system host and not issue an alert or request additional authentication methods.
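To make the two points above concrete (which cookies a domain-targeting stealer would pick out of a browser's cookie store and bundle for upload, and why replaying one of them alongside stolen credentials defeats a new-device login check), here is an added Python example. It is not CookieMiner's code and not the researchers' code: the cookie table and its rows are constructed, the host-matching rule for the named exchanges is an assumed whole-label match (only the "blockchain" rule is a substring match, as the write-up describes), and the server-side login policy is a toy model. One caveat for anyone checking their own exposure: real Chrome keeps cookie values in an `encrypted_value` column, decrypted with a key held in the macOS Keychain, so a stealer needs that key as well; the toy store below keeps values in plaintext for illustration.

```python
"""Added example (not CookieMiner's or the researchers' code): which cookies in a
Chrome-style cookie store a domain-targeting stealer would pick out, how they
would be bundled for exfiltration, and why a replayed session cookie defeats a
new-device login check. All data below is constructed."""
import io
import json
import sqlite3
import zipfile

# Exchanges named in the write-up; matched as a whole DNS label (assumption).
TARGET_LABELS = {"binance", "bitstamp", "bittrex", "coinbase", "myetherwallet", "poloniex"}
# Matched anywhere in the host name, as the write-up describes for "blockchain".
TARGET_SUBSTRING = "blockchain"

COLUMNS = ("host_key", "name", "value", "path", "is_secure", "is_httponly")


def is_targeted(host_key: str) -> bool:
    """True if a cookie's host_key belongs to one of the targeted sites."""
    host = host_key.lstrip(".").lower()   # Chrome stores domain cookies as ".coinbase.com"
    if any(label in TARGET_LABELS for label in host.split(".")):
        return True
    return TARGET_SUBSTRING in host


def build_sample_store() -> sqlite3.Connection:
    """Constructed in-memory table using a subset of Chrome's Cookies schema.
    Real Chrome keeps values in an encrypted_value column (key in the macOS
    Keychain); plaintext here is for illustration only."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cookies (host_key TEXT, name TEXT, value TEXT, path TEXT, "
        "is_secure INTEGER, is_httponly INTEGER)"
    )
    conn.executemany("INSERT INTO cookies VALUES (?, ?, ?, ?, ?, ?)", [
        (".coinbase.com",        "session",    "cb-sess-1", "/", 1, 1),
        ("www.binance.com",      "JSESSIONID", "bn-sess-2", "/", 1, 1),
        ("login.blockchain.com", "sid",        "bc-sess-3", "/", 1, 1),
        (".example.com",         "theme",      "dark",      "/", 0, 0),
        ("news.ycombinator.com", "user",       "hn-sess-4", "/", 1, 1),
    ])
    return conn


def harvest(conn: sqlite3.Connection) -> list:
    """Select only the cookies whose host matches the target list."""
    rows = conn.execute(f"SELECT {', '.join(COLUMNS)} FROM cookies")
    return [dict(zip(COLUMNS, row)) for row in rows if is_targeted(row[0])]


def package(cookies: list) -> bytes:
    """Bundle harvested cookies as JSON inside a zip: the 'zipped up' step."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("cookies.json", json.dumps(cookies))
    return buf.getvalue()


def unpackage(blob: bytes) -> list:
    """Inverse of package(); what the receiving server would do."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return json.loads(zf.read("cookies.json"))


# Toy server-side state (assumption): live sessions and the devices each user
# has previously authenticated from.
LIVE_SESSIONS = {"cb-sess-1": {"user": "alice", "device": "alice-macbook"}}
TRUSTED_DEVICES = {"alice": {"alice-macbook"}}


def evaluate_login(user: str, password_ok: bool, device: str, session_cookie: str = None) -> str:
    """Toy model of the login-anomaly check the researchers describe.
    Returns 'allow', 'step-up' (extra authentication / alert) or 'deny'."""
    if not password_ok:
        return "deny"
    session = LIVE_SESSIONS.get(session_cookie)
    if session and session["user"] == user:
        # The cookie vouches for a previously authenticated host, so the site
        # treats even an unknown device as known and skips the step-up.
        return "allow"
    if device in TRUSTED_DEVICES.get(user, set()):
        return "allow"
    return "step-up"


if __name__ == "__main__":
    stolen = harvest(build_sample_store())
    print("targeted cookies:", [c["host_key"] for c in stolen])
    blob = package(stolen)
    print("exfil bundle:", len(blob), "bytes,", len(unpackage(blob)), "cookies")
    print("creds only, new device:", evaluate_login("alice", True, "attacker-box"))
    print("creds + cookie, new device:", evaluate_login("alice", True, "attacker-box", "cb-sess-1"))
```

Run as-is to see the three exchange cookies selected while the unrelated ones are left behind, and the same credentials from an unknown device produce a step-up without the cookie but a plain allow with it. Pointing `harvest()` at a copy of a real profile's cookie database would need the encrypted-value handling mentioned above.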

In addition to stealing cookies, CookieMiner had no qualms about raiding the Chrome browser to extract saved passwords and credit card details.

But CookieMiner doesn't stop...