Researchers from Palo Alto Networks discovered a new piece of Mac malware dubbed CookieMiner that steals browser cookies associated with
The malware targets cookies associated with cryptocurrency exchanges such as
CookieMiner leverages a Python script named “
CookieMiner is based on the OSX.DarthMiner malware that was discovered by experts at Malwarebytes in December. It is able to steal browser cookies from Chrome and Safari, as well as sensitive data such as user credentials in Chrome, saved credit card credentials in Chrome, iPhone text messages from backups and
“This malware is capable of stealing browser cookies associated with mainstream
“It also steals saved passwords in Chrome. By leveraging the
Crooks aim to empty the victim’s exchange account or wallet by using a combination of stolen login credentials, web cookies, and SMS data.
Experts believe the threat actors could bypass multifactor authentication for the sites for which they are able to steal associated info.
CookieMiner configures the compromised systems to load
Like DarthMiner, the malware leverages the EmPyre backdoor as a
“The malware ‘CookieMiner’ is intended to help threat actors generate profit by collecting credential information and mining cryptocurrency. If attackers have all the needed information for the authentication process, the multi-factor authentication may be defeated.” Palo Alto Networks concludes.
“Cryptocurrency owners should keep an eye on their security settings and digital assets to prevent compromise and leakage,”
Further details, including IoCs, are reported in the analysis published by Palo Alto Networks.
(SecurityAffairs – CookieMiner,