Mac malware ‘CookieMiner’ uses your cookies to steal your Bitcoin

31 Jan, 2019 | Updated: 01 Feb, 2019
by Joeri Cant

macOS users, beware! You are being targeted. Security researchers from Palo Alto Networks’ Unit 42 have discovered new malware that is trying to steal your cryptocurrencies.

According to a report by Unit 42, the new cryptocurrency-stealing malware, CookieMiner, targets macOS users and steals the browser cookies tied to their login sessions on cryptocurrency exchanges like Coinbase, Binance, Poloniex, Bittrex and Bitstamp, as well as on MyEtherWallet, which is an interface connecting to the Ethereum blockchain.

Just to be clear: we are not talking about the infamous Cookie Monster from Sesame Street.


CookieMiner is also able to steal passwords saved in Chrome and text messages saved in iTunes backups.

Unit 42’s deputy director of threat intelligence, Jen Miller-Osborn, said that the focus of this particular malware distinguishes it from other malware.

'There are a lot of coinminers and other malware in the wild and targeting credentials or cookies stored in browsers is not new. Targeting all of these with apparent focus on gaining access to cryptocurrency exchanges and trying to avoid multi-factor authentication protections is newer.'

Unit 42 security researchers believe the recently discovered malware was developed from OSX.DarthMiner, malware known to target the Mac platform.

'By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites', the researchers said.

'If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves.'

On top of this, if the malware fails to get its hands on your cryptocurrency, it will install software to use your Mac to mine crypto without your knowledge.

At this point we wish we were talking about Cookie Monster from Sesame Street.

Update February 1: Founder and CEO of MyEtherWallet Kosala Hemachandra responded to the claims: "MEW (MyEtherWallet) is not a cryptocurrency exchange but an interface to interact with the Ethereum blockchain. We do not use cookies so this malware - which steals browser cookies associated with websites visited by users and passwords saved on Chrome - will not affect our users as long as they do not save their passwords with Chrome.

To safeguard against such security compromises, we encourage users to opt for hardware wallets or easy-to-use solutions like MEWconnect."
