Unit 42 Finds New MacOS Mining Malware ‘CookieMiner’ Uses Your Cookies to Steal Your Crypto
A new kind of malware is attacking macOS users. As reported by The Next Web's Hard Fork, researchers from Palo Alto Networks' Unit 42 have discovered a new threat aimed at crypto users.
The malware has been named "CookieMiner" and it specifically targets Mac users rather than the more common victim, Windows users. In short, the malware steals the browser cookies associated with your logged-in sessions and then uses them to drain funds from your wallets and exchange accounts. Users of Bitstamp, Coinbase, Poloniex, Binance and MyEtherWallet are among its main targets.
According to the reports, the new malware was uncovered while the researchers were examining OSX.DarthMiner, which appeared last year. Jen Miller-Osborn, deputy director of threat intelligence at Unit 42, said that it was a new variant of that family that caught the team's attention.
Miller-Osborn also said that the malware is able to steal saved passwords from Chrome as well as text messages stored in iTunes backups. The attackers then combine everything stolen from the user in order to get at their crypto.
The reason cookies matter is that login credentials alone are not enough when 2-factor authentication is enabled. Unfortunately, with the stolen cookies, an attacker can make a login look like one from a browser that has already completed 2FA before, so the second factor is never requested and the funds can be moved.
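The weakness described above is that a "remember this device" cookie is treated as proof of a previous 2FA, no matter where it is presented from. The following is an added example, not code from the article, from Unit 42 or from any of the exchanges named, showing one server-side mitigation: the cookie is HMAC-signed and bound to the client context that earned it, and a cookie replayed from a different context (different address or browser) silently falls back to a full 2FA prompt instead of being honoured. The secret, fingerprint scheme, TTL and `login_decision` policy are all constructed for illustration, and the approach generalizes to any service that uses trusted-device cookies, not only exchanges.

```python
"""Added example: binding a trusted-device cookie to its client context so a
replayed (stolen) cookie cannot skip 2FA. Not the article's or any vendor's code."""
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: a per-deployment secret that never leaves the server.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
# Assumption: how long a remembered device stays trusted (30 days).
TRUST_TTL_SECONDS = 30 * 24 * 3600


def client_fingerprint(user_agent: str, client_ip: str) -> str:
    """Hash of the client context the cookie is bound to (constructed scheme)."""
    return hashlib.sha256(f"{user_agent}\x00{client_ip}".encode()).hexdigest()[:32]


def _mac(payload: str) -> str:
    """Server-side MAC so the cookie's fields cannot be edited by whoever holds it."""
    return hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_trusted_device_cookie(user: str, user_agent: str, client_ip: str,
                                now: Optional[float] = None) -> str:
    """Mint the 'remember this device' cookie right after a successful 2FA login."""
    now = time.time() if now is None else now
    expiry = int(now) + TRUST_TTL_SECONDS
    nonce = secrets.token_hex(8)  # makes every issued cookie distinct
    payload = f"{user}|{client_fingerprint(user_agent, client_ip)}|{expiry}|{nonce}"
    return f"{payload}|{_mac(payload)}"


def cookie_is_trusted(cookie: str, user: str, user_agent: str, client_ip: str,
                      now: Optional[float] = None) -> bool:
    """True only if the cookie is unmodified, unexpired, for this user, and
    presented from the same context it was issued to."""
    now = time.time() if now is None else now
    try:
        user_c, fp_c, expiry_c, nonce_c, mac_c = cookie.split("|")
    except ValueError:
        return False  # malformed cookie
    payload = "|".join([user_c, fp_c, expiry_c, nonce_c])
    if not hmac.compare_digest(mac_c, _mac(payload)):
        return False  # tampered with
    if user_c != user or int(expiry_c) < now:
        return False  # wrong account or trust window has lapsed
    # A cookie lifted from the victim's machine fails here when replayed elsewhere.
    return hmac.compare_digest(fp_c, client_fingerprint(user_agent, client_ip))


def login_decision(password_ok: bool, cookie: Optional[str], user: str,
                   user_agent: str, client_ip: str, now: Optional[float] = None) -> str:
    """Constructed login policy: 'denied', 'needs_2fa', or 'ok'.
    A trusted cookie skips 2FA; anything else gets the full prompt."""
    if not password_ok:
        return "denied"
    if cookie and cookie_is_trusted(cookie, user, user_agent, client_ip, now):
        return "ok"
    return "needs_2fa"


if __name__ == "__main__":
    # Constructed sample values (documentation/test address ranges).
    ua, ip = "Mozilla/5.0 (Macintosh)", "203.0.113.10"
    cookie = issue_trusted_device_cookie("alice", ua, ip)
    print("same device :", login_decision(True, cookie, "alice", ua, ip))
    print("other device:", login_decision(True, cookie, "alice", "curl/8.0", "198.51.100.7"))
```

Binding to the raw client IP will force a 2FA prompt for legitimate users whose address changes (mobile networks, VPNs), which is why the policy above steps up to 2FA rather than denying the login outright; a production deployment would usually bind to coarser or more stable attributes and keep the trust window short.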
Old-School Methods Used For Crypto
Miller-Osborn believes this is strong evidence that the hackers are now reusing old-school methods to steal crypto from their victims, since stealing cookies is hardly the newest strategy in the world. However, these methods have been tweaked to serve this new objective.
The program is even sneakier than it first seems. It also installs coin-mining software on the victim's computer, so it is able to steal from the same person twice: first the tokens, then the computing power.
According to the team's reports, the cryptojacking component is similar to the XMRig coin miner, which is normally used to mine Monero, the favorite token of criminals because its transactions are so hard to trace. This version, however, mines Koto, a very small and almost irrelevant Japanese altcoin. Koto is also a privacy coin, as would be expected.
At the moment, the team has not been able to determine who is behind the threat. Because Koto is the coin being mined, the team suspects a link to Japanese hackers, but it is still too early to tell.
The most common way to protect yourself from this kind of threat, the unit believes, is never to save credit card information in your browser, as this is one of the most common avenues criminals use to steal money.
Clearing your web cache and cookies regularly is also a useful way to protect yourself from the problems that can follow from having your cookies stolen.