Researchers at Palo Alto Networks Unit 42 published a report about a recently active cyber-threat that has affected many Mac OS systems. They dubbed it Cookieminer, since its primary goal is to steal browser cookies related to cryptocurrency wallets.
Cookieminer has extensive capabilities for harvesting all kinds of personal data, as well as for covertly running crypto-mining malware on the system to maximize profits. It also aims to generate revenue by abusing the affected computers' resources to mine the cryptocurrency Koto, which is very popular in Japan.
Judging by Cookieminer's aggressive behavior, it seems that the bad actors behind this threat might be probing ‘two-factor authentication security measures’:
“Stealing cookies is an important step to bypass login anomaly detection. If only the username and password are stolen and used by a bad actor, the website may issue an alert or request additional authentication for a new login. However, <…> the website might believe the session is associated with a previously authenticated system host and not issue an alert or request additional authentication methods.”
This could result in massive financial loss for users, and it is the main reason why Cookieminer seems so dangerous.
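The quoted point, seen from the website's side: a session cookie that reappears from a different client context is the signal to ask for additional authentication. The sketch below is an added example, not code from the Unit 42 report; the record fields, the IPv4-only network comparison and the sample requests are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    session_id: str   # value of the session cookie presented
    ip: str           # IPv4 source address (assumption: IPv4 only)
    user_agent: str

def network_prefix(ip: str) -> str:
    """Coarse network identity: the first two octets (illustrative choice)."""
    return ".".join(ip.split(".")[:2])

def find_replayed_sessions(requests):
    """Return {session_id: [reasons]} for sessions whose cookie is presented
    from a context that differs from the one that first used it."""
    first_seen = {}   # session_id -> first request seen with that cookie
    alerts = {}
    for req in requests:
        origin = first_seen.setdefault(req.session_id, req)
        reasons = []
        if req.user_agent != origin.user_agent:
            reasons.append("user-agent changed")
        if network_prefix(req.ip) != network_prefix(origin.ip):
            reasons.append("network changed")
        for reason in reasons:
            seen = alerts.setdefault(req.session_id, [])
            if reason not in seen:
                seen.append(reason)
    return alerts

# Constructed sample traffic (documentation address ranges, made-up agents).
SAMPLE = [
    Request("sess-A", "198.51.100.10", "Safari/12 (Macintosh)"),
    Request("sess-B", "192.0.2.5", "Chrome/71 (Macintosh)"),
    Request("sess-A", "198.51.100.23", "Safari/12 (Macintosh)"),  # same user, same network
    Request("sess-A", "203.0.113.77", "script-client/1.0"),       # cookie replayed elsewhere
    Request("sess-B", "192.0.2.9", "Chrome/71 (Macintosh)"),
]

if __name__ == "__main__":
    for sid, reasons in find_replayed_sessions(SAMPLE).items():
        print(f"{sid}: require re-authentication ({', '.join(reasons)})")
```

A site that applies a check like this on every request, not only at login, can invalidate the session or request a second factor when the cookie moves.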
Cookieminer steals various sensitive details
The exact way in which Cookieminer intrudes is unknown; however, it is believed to be delivered with the help of applications on third-party websites. Once installed, it collects the Safari browser cookies and then checks these cookies for cryptocurrency exchange sites, including MyEtherWallet, Bittrex, Poloniex, Binance, Coinbase, Bitstamp or other blockchain-related sites.
Cookieminer also targets Google Chrome and manages to extract stored sensitive details, including login details, credit card information, etc. It uses ‘harmlesslittlecode.py’ and a weakness in the open-source Chromium project behind Google Chrome.
Apart from this, it even obtains data from iPhone backups and iPhone SMS messages, together with usernames, passwords, and keys for cryptocurrency wallets. It manages to set up a command and control server and shares all such details with the bad actors behind this threat. Having command and control in their hands not only means that they can easily obtain personal information but also points to further intrusions through Python-based scripts.
To sum up, Cookieminer is a sophisticated threat that can cause financial problems as well as compromise one's identity. Additionally, being a Mac user, you should not think that you are safe from malware. Hackers know that macOS is also used worldwide, so it is better to protect yourself from unwanted consequences: stay away from dubious websites and use a reputable security application with a real-time protection feature, so that you can avoid dangerous threats like Cookieminer.