Mac malware ‘CookieMiner’ uses your cookies to steal your Bitcoin

31 Jan, 2019 | Updated: 01 Feb, 2019
by Joeri Cant

macOS users, beware: you are being targeted. Security researchers from Palo Alto Networks’ Unit 42 have discovered new malware that tries to steal your cryptocurrencies.

According to a report by Unit 42, the new cryptocurrency-stealing malware, CookieMiner, targets macOS users and steals the browser cookies associated with their logon credentials for cryptocurrency exchanges like Coinbase, Binance, Poloniex, Bittrex, Bitstamp, and MyEtherWallet, which is an interface connecting to the Ethereum blockchain.

Just to be clear: we are not talking about the infamous Cookie Monster from Sesame Street.

CookieMiner is also able to steal your passwords saved in Chrome, and your saved text messages in iTunes backups.

Unit 42’s deputy director of threat intelligence, Jen Miller-Osborn, said that the focus of this particular malware distinguishes it from other malware.

'There are a lot of coinminers and other malware in the wild and targeting credentials or cookies stored in browsers is not new. Targeting all of these with apparent focus on gaining access to cryptocurrency exchanges and trying to avoid multi-factor authentication protections is newer.'

Unit 42 security researchers believe the recently discovered malware was developed from OSX.DarthMiner, malware known to target the Mac platform.

'By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites', the researchers said.

'If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves.'

On top of this, if the malware fails to get its hands on your cryptocurrency, it will install software to use your Mac to mine crypto without your knowledge.

At this point we wish we were talking about Cookie Monster from Sesame Street.

Update February 1: Founder and CEO of MyEtherWallet Kosala Hemachandra responded to the claims: "MEW (MyEtherWallet) is not a cryptocurrency exchange but an interface to interact with the Ethereum blockchain. We do not use cookies so this malware - which steals browser cookies associated with websites visited by users and passwords saved on Chrome - will not affect our users as long as they do not save their passwords with Chrome.

"To safeguard against such security compromises, we encourage users to opt for hardware wallets or easy-to-use solutions like MEWconnect."

Add a comment

I am not surprised by the fact that there is some kind of malware that attacks users of Poloniex. This exchange is known for having a low level of security.
15 Feb, 2019 - 07:16