CookieMiner is the latest Mac malware to be discovered. It’s highly targeted, using a clever technique to try to steal your cryptocurrency.
Discovered by security researchers from Palo Alto Networks’ Unit 42, it uses a two-fold attack method to obtain your login credentials and bypass two-factor authentication …
TNW reports that CookieMiner tries to grab passwords saved in Chrome, alongside authentication cookies.
Neither technique is new, but Unit 42’s deputy director of threat intelligence Jen Miller-Osborn says it is the focus of this one that distinguishes it from earlier malware.
It also attempts to steal passwords saved in Chrome […] Having a person’s login credentials usually isn’t enough to gain access to their account if they have 2FA enabled. However, if the hacker has their authentication cookies too, they can use these to make the login attempt appear as if it’s connected to a previously verified session. If so, the website won’t ask for the login attempt to be authenticated.
The malware has one other trick up its sleeve: even if it fails to get its hands on your own cryptocurrency, it installs software to use your Mac to mine more without your knowledge.
We would advise to never store financial credentials in your browser, and Unit 42 also recommends clearing your browser caches after logging in to financial accounts.
Back in October, it was discovered that CoinTicker, a Mac app that displays the current price of Bitcoin and other cryptocurrencies in your menu bar, installs backdoors on your Mac that can be exploited in a wide variety of ways.
Photo: Shutterstock
