A new macOS malware has been discovered, dubbed as CookieMiner. The malware specifically targets Mac users and steals their cookies of login credentials and leverage it to steal money from wallets and Cryptocurrency exchanges such as Bitstamp, Coinbase, Poloniex, Binance and MyEtherWallet.
Security researchers from PaloAltoNetworks’ Unit42 further reported that hackers can even bypass the two-factor authentication to gain access to users account if they make the login attempt look as if they were made before. This way a hacker can easily steal money if users have also enabled two-factor authentication. The malware was also able to obtain passwords from Chrome and text messages stored in iTunes.
“Security researchers from Palo Alto Networks’ Unit 42 have identified a new cryptocurrency-stealing malware. What has been dubbed as “CookieMiner,” specifically targets Mac users and the cookies related to their login credentials for cryptocurrency exchanges such as Coinbase, Binance, Poloniex, Bittrex, Bitstamp, and MyEtherWallet […],” the cited source stated.
Watch: Asus Zenfone 5Z First Look
“It also attempts to steal passwords saved in Chrome […] Having a person’s login credentials usually isn’t enough to gain access to their account if they have 2FA enabled. However, if the hacker has their authentication cookies too, they can use these to make the login attempt appear as if it’s connected to a previously verified session. If so, the website won’t ask for the login attempt to be authenticated,” the report further added.
Additionally, 9to5mac reported that if the malware “fails to get its hands on your own cryptocurrency, it installs software to use your Mac to mine more without your knowledge.” Therefore, users are advised to better ignore saving financial credentials in your system’s browser.