Mac “CookieMiner” Malware Aims to Gobble Crypto Funds

silversurfer

A newly-discovered malware is targeting Mac users’ web cookies and credentials in hopes of withdrawing funds on their cryptocurrency exchange accounts.

The malware, discovered this month and aptly named “CookieMiner,” collects cryptocurrency-related cookies – in addition to compromised credentials – and uses them to target exchanges, where cryptocurrencies can be traded for other assets, including other digital currencies.

Using these stolen clues, the bad actor behind the malware is able to sidestep any multifactor authentication security measures in place and purport to be the victim – with the aim of eventually siphoning their funds from their accounts.

“CookieMiner tries to navigate past the authentication process by stealing a combination of the login credentials, text messages and web cookies,” researchers at Palo Alto Networks’ Unit 42 group said in a Thursday report. “If the bad actors successfully enter the websites using the victim’s identity, they could perform fund withdrawals. This may be a more efficient way to generate profits than outright cryptocurrency mining.”

It should be noted that researchers have not yet seen evidence of the malware author successfully withdrawing funds from an account, but are instead speculating based on the behavior of the malware.

Researchers stressed that stealing cookies is an important step to bypassing login anomaly detection.

If a bad actor merely uses a username and password, the website may issue an alert and request additional authentication — but if an authentication cookie is also provided along with the username and password, the website might believe the session is associated with a previously authenticated system host.
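The "previously authenticated host" decision described above, seen from the website's side, as an added example that is not part of the original post or the Unit 42 report: a remembered-device cookie checked on its own next to the same cookie bound to the client context it was issued to. The key, function names, cookie layout and sample requests are all constructed assumptions.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the website


def _context(user_agent, ip):
    # Coarse client context: user agent plus the /24 of the IPv4 address.
    network = ".".join(ip.split(".")[:3])
    return hashlib.sha256(f"{user_agent}|{network}".encode()).hexdigest()


def _tag(user, ctx):
    return hmac.new(SERVER_KEY, f"{user}|{ctx}".encode(), hashlib.sha256).hexdigest()


def issue_device_cookie(user, user_agent, ip):
    # Issued after a full multifactor login. Assumes user names contain no ".".
    ctx = _context(user_agent, ip)
    return f"{user}.{ctx}.{_tag(user, ctx)}"


def _genuine_context(user, cookie):
    # Return the context stored in a cookie the site really issued to this user.
    try:
        c_user, ctx, tag = cookie.split(".")
    except (AttributeError, ValueError):
        return None  # missing or malformed cookie
    if c_user == user and hmac.compare_digest(tag, _tag(c_user, ctx)):
        return ctx
    return None


def naive_needs_step_up(user, cookie):
    # Weak policy: any genuine cookie marks the login as a known host.
    return _genuine_context(user, cookie) is None


def bound_needs_step_up(user, cookie, user_agent, ip):
    # Stronger policy: the cookie only counts from the context it was issued to.
    ctx = _genuine_context(user, cookie)
    return ctx is None or not hmac.compare_digest(ctx, _context(user_agent, ip))


# Constructed sample: cookie issued to the account owner's Mac, then presented
# together with the password from an unrelated host.
OWNER = ("Safari/12.0 (Macintosh)", "198.51.100.23")
OTHER_HOST = ("python-requests/2.21", "203.0.113.9")
COOKIE = issue_device_cookie("alice", *OWNER)
```

Binding the cookie to client context only narrows the gap: a copied cookie presented from elsewhere triggers step-up again, but withdrawals still deserve their own fresh authentication.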
 
