New 'CookieMiner' malware aims to steal cryptocurrency logins from Mac owners
Newly-discovered Mac malware is geared toward stealing browser cookies for cryptocurrency exchanges such as Coinbase and Bittrex, security researchers say.
The code is based on "OSX.DarthMiner," uncovered in late 2018, members of Palo Alto Networks' Unit 42 reported on Thursday. Some other targeted exchanges include the likes of Binance, Poloniex, Bitstamp, and MyEtherWallet.
It also attempts to steal text messages from iTunes backups, and passwords and credit cards saved in Chrome — but not in Safari. In some cases the combination of data could even let attackers bypass two-factor authentication at cryptocurrency sites, normally a strong deterrent.
Compounding problems, the new malware — nicknamed "CookieMiner" — will install covert coin mining software that consumes a Mac's system resources. The app is apparently geared toward mining "Koto," a privacy-oriented Japanese cryptocurrency.
CookieMiner's creators can execute remote controls, and the code is smart enough to check if if Objective Development's Little Snitch firewall app is active, halting the remote access agent to avoid detection.
Customers of Palo Alto Networks' WildFire technology are already protected from the threat. It's not certain whether Apple has been alerted or taken action.
In the interim worried Mac users concerned about this vector of attack may want to avoid saving credentials in the Keychain and not directly in a browser, and/or scrub browser caches on a regular basis.