Newly discovered malware targeting Mac users can gain access to victims' cryptocurrency exchange accounts and wallets by stealing browser cookies for exchange and wallet sites such as Coinbase, Binance, Poloniex, Bittrex, Bitstamp and MyEtherWallet.

The malware, dubbed CookieMiner, was uncovered while researchers were examining OSX.DarthMiner, a lesser-known malware family that surfaced last year. The finding was reported by Unit 42, the threat intelligence team at Palo Alto Networks. Jen Miller-Osborn, deputy director of threat intelligence at Unit 42, said:

It sparked our interest as it was a new variant with additional functionality.

More worrying, the malware can also silently install cryptojacking software on the infected macOS machine, letting the attackers mine a further digital currency on the victim's hardware. In this case the coin is Koto, a lesser-known cryptocurrency associated with Japan.

The interesting part is the malware's modus operandi. A person's login credentials alone usually aren't enough to get into an account protected by two-factor authentication (2FA). But if the attacker also holds the victim's authentication cookies, replaying them makes the request look like a continuation of a session that has already been verified, so the site never asks for the second factor.
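The following model shows that mechanism end to end and one common way to blunt it. It is an added illustration, not code from the Unit 42 report or from CookieMiner; the `SessionStore` class, the `fingerprint()` client binding, the toy user table and the timestamps are all hypothetical, while the `totp()` routine follows RFC 6238 (HMAC-SHA1, 30 s steps). The victim logs in with password plus one-time code, and the attacker then presents only the resulting cookie from a different machine.

```python
"""Why a replayed session cookie sidesteps 2FA, and a session binding that
refuses the replay. Added example; names and sample values are hypothetical."""
import base64
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass

# Constructed user record: password hash plus a base32 TOTP seed (toy values).
USERS = {
    "alice": {
        "pw_hash": hashlib.sha256(b"correct horse battery").hexdigest(),
        "totp_secret": "JBSWY3DPEHPK3PXP",
    }
}


def totp(secret_b32: str, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code: HOTP over the 30 s step counter."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def fingerprint(ip: str, user_agent: str) -> str:
    """Hypothetical client binding: hash of the IP and User-Agent seen at login."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


@dataclass
class Session:
    user: str
    client_fp: str      # fingerprint the cookie was issued to
    issued_at: float


class SessionStore:
    def __init__(self, max_age: float = 3600.0):
        self.sessions = {}
        self.max_age = max_age

    def login(self, user, password, code, client_fp, now):
        """Password AND 2FA code are checked once; then a session cookie is issued."""
        rec = USERS.get(user)
        if rec is None:
            return None
        pw_ok = hmac.compare_digest(rec["pw_hash"],
                                    hashlib.sha256(password.encode()).hexdigest())
        code_ok = hmac.compare_digest(totp(rec["totp_secret"], now), code)
        if not (pw_ok and code_ok):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, client_fp, now)
        return token

    def naive_lookup(self, token, client_fp, now):
        """Typical behaviour: a known cookie is the whole proof of identity,
        so whoever holds it is 'alice' and no second factor is asked for."""
        s = self.sessions.get(token)
        return s.user if s else None

    def bound_lookup(self, token, client_fp, now):
        """Hardened: refuse cookies that are stale or that arrive from a client
        other than the one they were issued to. None here should trigger fresh 2FA."""
        s = self.sessions.get(token)
        if s is None or now - s.issued_at > self.max_age:
            self.sessions.pop(token, None)
            return None
        if not hmac.compare_digest(s.client_fp, client_fp):
            return None
        return s.user


def demo(now: float = 1_700_000_000.0) -> dict:
    """Victim logs in properly; attacker replays the stolen cookie from elsewhere."""
    store = SessionStore()
    victim_fp = fingerprint("203.0.113.10", "Mozilla/5.0 (Macintosh)")
    cookie = store.login("alice", "correct horse battery",
                         totp(USERS["alice"]["totp_secret"], now), victim_fp, now)
    assert cookie is not None
    # Attacker presents only the cookie: no password, no OTP, different machine.
    attacker_fp = fingerprint("198.51.100.7", "curl/8.0")
    return {
        "naive_replay": store.naive_lookup(cookie, attacker_fp, now + 60),
        "bound_replay": store.bound_lookup(cookie, attacker_fp, now + 60),
        "bound_victim": store.bound_lookup(cookie, victim_fp, now + 60),
        "bound_stale": store.bound_lookup(cookie, victim_fp, now + 7200),
    }


if __name__ == "__main__":
    print(demo())
```

The naive lookup is the behaviour the article describes: the server has no way to tell a stolen cookie from the session it issued. Binding the session to the client and expiring it promptly narrows the window, but IP or User-Agent binding breaks for roaming users, so in practice exchanges pair it with step-up authentication on sensitive actions (withdrawals, API key creation) rather than relying on the cookie alone.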

The second route around 2FA runs through the phone. If the victim has used iTunes to sync or back up their iPhone on the Mac, the malware can also read the text messages stored in that backup, which potentially lets the attackers recover SMS login codes and other messages.

The report also notes that Chrome users are the easier target because of the browser's popularity. Safari, the other widely used browser on macOS, was not targeted in the samples the researchers examined.

Measures to avoid Crypto Leakage

Cryptocurrency holders need to stay alert to malware of this kind. The first step is to keep an eye on account security settings and on the digital assets themselves.

Along the same lines, Miller-Osborn advised users that:

They should also clear web browser caches regularly, particularly after logging into financial or other sensitive accounts. It's quick and ensures the data is not within web browsers to steal.

Most importantly, they should avoid ever saving credentials or credit card information within their browsers, as it's a common attack vector for malware like this.
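Alongside that advice, a quick self-check for the two artefacts the article says CookieMiner goes after (exchange-site cookies in Chrome's cookie store, and text messages sitting in an unencrypted iPhone backup on the Mac) looks like this. It is an added example, not from Unit 42 or the article. The paths are the standard macOS locations for Chrome's cookie database and for iTunes/Finder device backups; the cookie-table schema used here is a constructed subset of Chrome's (`host_key`, `name`, `value`), and `build_fixture()` fabricates a home directory with sample data so the script runs offline on any OS.

```python
"""Local audit for exchange cookies and unencrypted iPhone backups.
Added example; paths are standard macOS locations, sample data is constructed."""
import plistlib
import shutil
import sqlite3
import tempfile
from pathlib import Path

# Domains named in the article. Host matching strips Chrome's leading dot.
EXCHANGE_DOMAINS = ("coinbase.com", "binance.com", "poloniex.com",
                    "bittrex.com", "bitstamp.net", "myetherwallet.com")

BACKUP_ROOT = "Library/Application Support/MobileSync/Backup"
CHROME_COOKIES = "Library/Application Support/Google/Chrome/Default/Cookies"


def unencrypted_backups(home) -> list:
    """Backups whose Manifest.plist says IsEncrypted is false: the sms.db
    inside such a backup is plain SQLite readable by any process as the user."""
    root = Path(home) / BACKUP_ROOT
    if not root.is_dir():
        return []
    hits = []
    for backup in root.iterdir():
        manifest = backup / "Manifest.plist"
        if not manifest.is_file():
            continue
        with manifest.open("rb") as fh:
            info = plistlib.load(fh)
        if not info.get("IsEncrypted", False):
            hits.append(backup.name)
    return sorted(hits)


def exchange_cookies(home) -> list:
    """(host, cookie name) pairs in Chrome's store that belong to the listed exchanges."""
    db = Path(home) / CHROME_COOKIES
    if not db.is_file():
        return []
    # Chrome keeps the file open and locked; read a copy instead.
    with tempfile.TemporaryDirectory() as tmp:
        copy = Path(tmp) / "Cookies"
        shutil.copy(db, copy)
        con = sqlite3.connect(str(copy))
        try:
            rows = con.execute("SELECT host_key, name FROM cookies").fetchall()
        finally:
            con.close()

    def is_exchange(host):
        h = host.lstrip(".")
        return any(h == d or h.endswith("." + d) for d in EXCHANGE_DOMAINS)

    return sorted((h, n) for h, n in rows if is_exchange(h))


def build_fixture() -> str:
    """Constructed home directory: one unencrypted backup and a tiny cookie DB."""
    home = tempfile.mkdtemp()
    backup = Path(home) / BACKUP_ROOT / "00000000-0000000000000000"   # made-up UDID
    backup.mkdir(parents=True)
    with (backup / "Manifest.plist").open("wb") as fh:
        plistlib.dump({"IsEncrypted": False, "Version": "10.0"}, fh)
    chrome = Path(home) / CHROME_COOKIES
    chrome.parent.mkdir(parents=True)
    con = sqlite3.connect(str(chrome))
    con.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, value TEXT)")
    con.executemany("INSERT INTO cookies VALUES (?, ?, ?)", [
        (".coinbase.com", "session_id", "x"),
        ("www.binance.com", "session_id", "y"),
        (".example.org", "sid", "z"),        # unrelated site, must not match
        ("notbinance.com", "sid", "w"),      # suffix look-alike, must not match
    ])
    con.commit()
    con.close()
    return home


def audit(home) -> dict:
    return {"unencrypted_backups": unencrypted_backups(home),
            "exchange_cookies": exchange_cookies(home)}


if __name__ == "__main__":
    print(audit(build_fixture()))   # constructed data
    print(audit(Path.home()))       # your own Mac
```

A non-empty `unencrypted_backups` list means the phone's message history is readable in the clear to anything running as your user; turning on "Encrypt local backup" in iTunes or Finder closes that path. A non-empty `exchange_cookies` list is exactly the material the article says is worth clearing after each session with an exchange.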

To all the crypto owners out there: stay vigilant and spread the word.
