New 'CookieMiner' malware aims to steal cryptocurrency logins from Mac owners

Newly-discovered Mac malware is geared toward stealing browser cookies for cryptocurrency exchanges such as Coinbase and Bittrex, security researchers say.

The code is based on "OSX.DarthMiner," uncovered in late 2018, members of Palo Alto Networks' Unit 42 reported on Thursday. Other targeted exchanges include Binance, Poloniex, Bitstamp, and MyEtherWallet.

It also attempts to steal text messages from iTunes backups, and passwords and credit cards saved in Chrome — but not in Safari. In some cases the combination of data could even let attackers bypass two-factor authentication at cryptocurrency sites, normally a strong deterrent.

Compounding problems, the new malware — nicknamed "CookieMiner" — will install covert coin mining software that consumes a Mac's system resources. The app is apparently geared toward mining "Koto," a privacy-oriented Japanese cryptocurrency.

CookieMiner's creators can execute remote controls, and the code is smart enough to check if Objective Development's Little Snitch firewall app is active, halting the remote access agent to avoid detection.

Customers of Palo Alto Networks' WildFire technology are already protected from the threat. It's not certain whether Apple has been alerted or taken action.

In the interim, Mac users concerned about this vector of attack may want to keep credentials in the Keychain rather than saving them directly in a browser, and/or scrub browser caches on a regular basis.



9 Comments

jmey267 12 Years · 57 comments

It also attempts to steal text messages from iTunes backups, and passwords and credit cards saved in Chrome — but not in Safari. In some cases the combination of data could even let attackers bypass two-factor authentication at cryptocurrency sites, normally a strong deterrent.

So this is a Chrome issue then? Not macOS?

flyghtms 12 Years · 9 comments

Little iSnitch is quite interesting.

kruegdude 13 Years · 340 comments

I know this is trivial but that headline image of an iPhone leading into a macOS article seems wrong to me. 

GeorgeBMac 8 Years · 11421 comments

This is why I maintain a completely separate financial computer that ONLY does finances and ONLY accesses known financial sites that I do business with. In addition to using InPrivate browsing I delete all cookies after each use and never store IDs or passwords on the machine. It also uses Ethernet instead of WiFi to avoid the chance of a random Google mapping car scooping up my WiFi data.

Admittedly, it's overkill and it doesn't even guarantee safety, but increases the odds...