CookieMiner detected: new malware for Mac
Table of contents:
- CookieMiner: A new malware for Mac
- Additional dangers
- How attackers gain access
- Risks and precautions
- Recommendations
The Unit 42 research team at Palo Alto Networks has discovered a new piece of Mac malware. Designed to steal browser cookies and credentials, it appears to be aimed at withdrawing funds from victims' cryptocurrency exchange accounts.
CookieMiner: A new malware for Mac
Named CookieMiner for its ability to steal cookies related to cryptocurrency exchanges, the malware was specifically designed to target Mac users. Researchers believe it is based on DarthMiner, another Mac malware detected in December 2018.
Additional dangers
CookieMiner also silently installs coin-mining software so that infected Macs generate additional cryptocurrency for the attackers. In this case it mines "Koto", a lesser-known, security-oriented cryptocurrency used mainly in Japan.
Even so, the most interesting capabilities of the new malware are those for stealing:
- Cookies from the Chrome and Safari browsers associated with the most popular cryptocurrency exchange and wallet web services.
- Usernames, passwords and credit card information saved in the Chrome browser.
- Data and keys of cryptocurrency wallets.
- Backup copies of the victim's iPhone SMS messages made by iTunes.
CookieMiner has been found to target Binance, Coinbase, Poloniex, Bittrex, Bitstamp, MyEtherWallet and any website with "blockchain" in its domain name, i.e. services that rely on cookies to keep track of logged-in users.
How attackers gain access
By combining stolen credentials, live session cookies and the SMS backup (which may contain one-time codes delivered over SMS), an attacker could bypass two-factor authentication: a valid session cookie lets the attacker reuse a session the victim has already authenticated, without logging in again, while the stolen password plus any SMS codes covers the case where a fresh login is required.
It should also be noted that there is no evidence yet that the attackers have actually stolen any funds; the researchers' assessment is based on the malware's observed behaviour.
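The core of the cookie-theft problem is that a session cookie is a bearer token: once the victim has completed 2FA at login, anyone holding the cookie is the victim as far as the server is concerned. The following toy exchange back end is an added illustration (not code from Unit 42, CookieMiner, or any real exchange) that shows a replayed cookie succeeding at a withdrawal, and one mitigation: requiring a fresh OTP for sensitive actions ("step-up" authentication). The user, password, OTP seed and balance are constructed for the example; the OTP is a simplified HOTP-style code.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def otp_code(secret: bytes, counter: int) -> str:
    """Six-digit HOTP-style code (simplified truncation), constructed for the demo."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class ToyExchange:
    """In-memory stand-in for an exchange back end (an assumed design, not a real service)."""

    def __init__(self, step_up_withdrawals: bool):
        self.step_up = step_up_withdrawals
        self.sessions = {}  # bearer cookie -> username
        self.users = {
            "alice": {"password": "hunter2!", "otp_secret": b"constructed-seed",
                      "otp_counter": 0, "balance": 10.0},
        }

    def current_code(self, user: str) -> str:
        """What the victim's authenticator would show right now."""
        u = self.users[user]
        return otp_code(u["otp_secret"], u["otp_counter"])

    def login(self, user: str, password: str, code: str) -> Optional[str]:
        """Password + OTP at login; on success a random bearer cookie is issued."""
        u = self.users.get(user)
        if u is None or not hmac.compare_digest(u["password"], password):
            return None
        if not hmac.compare_digest(code, self.current_code(user)):
            return None
        u["otp_counter"] += 1
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = user
        return cookie

    def withdraw(self, cookie: str, amount: float, code: Optional[str] = None) -> str:
        """Withdrawal authorised by the cookie alone, or by cookie + fresh OTP when step-up is on."""
        user = self.sessions.get(cookie)
        if user is None:
            return "denied: no session"
        u = self.users[user]
        if self.step_up:
            if code is None or not hmac.compare_digest(code, self.current_code(user)):
                return "denied: fresh OTP required"
            u["otp_counter"] += 1
        if amount > u["balance"]:
            return "denied: insufficient funds"
        u["balance"] -= amount
        return "ok"


def replay_stolen_cookie(step_up: bool) -> str:
    """Victim logs in with 2FA; attacker then replays the exfiltrated cookie without any OTP."""
    ex = ToyExchange(step_up)
    cookie = ex.login("alice", "hunter2!", ex.current_code("alice"))
    assert cookie is not None
    return ex.withdraw(cookie, 5.0)  # attacker holds the cookie jar, not the authenticator


def legitimate_withdrawal_with_step_up() -> str:
    """The real user can still withdraw: they supply the code their authenticator shows."""
    ex = ToyExchange(step_up_withdrawals=True)
    cookie = ex.login("alice", "hunter2!", ex.current_code("alice"))
    return ex.withdraw(cookie, 5.0, code=ex.current_code("alice"))


if __name__ == "__main__":
    print("no step-up, replayed cookie:", replay_stolen_cookie(step_up=False))
    print("step-up, replayed cookie:   ", replay_stolen_cookie(step_up=True))
    print("step-up, legitimate user:   ", legitimate_withdrawal_with_step_up())
```

Step-up only helps if the second factor is not itself in the stolen data: when codes are delivered over SMS and the iTunes backup contains them, an attacker who holds cookie, password and backup can satisfy the check too, which is why an authenticator app or hardware key is preferable to SMS for accounts that hold funds. Short session lifetimes and invalidating sessions on password change narrow the replay window further.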
Risks and precautions
For post-exploitation control, CookieMiner also deploys the EmPyre backdoor, which gives the attackers remote control of the infected Mac.
EmPyre is a Python-based agent. On start-up it checks whether the Little Snitch firewall application is running and, if so, stops and exits. The attackers can also configure the agent to download and run additional files.
Although the infection route is not yet clear, the vector is believed to be a malicious software download that deceives users into installing it.
Palo Alto Networks has already contacted Google, Apple, and the target crypto services to report the problem.
Recommendations
Since the campaign is believed to be still active, the best precaution is not to save credentials or credit card details in the browser or in web applications, and not to install applications from untrusted third-party sources. We also recommend clearing cookies after visiting financial or banking services and reviewing your security settings. Via The Hacker News. Sources: Unit 42, Malwarebytes Labs.
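The advice to clear cookies for financial services, and the targeting rule described earlier (the named exchanges plus any domain containing "blockchain"), can be turned into a small audit. The script below is an added example, not code from the article's sources: it applies that rule to a Chrome-style cookie database and deletes the matching rows. It runs against a constructed in-memory database with the same table and column names Chrome uses for its `cookies` table; the real file on macOS is `~/Library/Application Support/Google/Chrome/Default/Cookies`, which Chrome locks while it is open, so quit the browser first. The domain list is the article's; the hostnames assigned to it are assumed.

```python
import sqlite3
from pathlib import Path

# Services named in the Unit 42 report; the exact domains are an assumption.
TARGET_DOMAINS = ("binance.com", "coinbase.com", "poloniex.com", "bittrex.com",
                  "bitstamp.net", "myetherwallet.com")

# Chrome's cookie store on macOS (SQLite). Values are encrypted with a key kept in
# the login Keychain, but host and name are stored in clear, which is all we need.
CHROME_COOKIES = Path.home() / "Library/Application Support/Google/Chrome/Default/Cookies"


def is_target_host(host_key: str) -> bool:
    """CookieMiner's rule as reported: listed exchanges/wallets or 'blockchain' in the domain."""
    host = host_key.lstrip(".").lower()          # Chrome stores domain cookies as ".example.com"
    if "blockchain" in host:
        return True
    return any(host == d or host.endswith("." + d) for d in TARGET_DOMAINS)


def find_exposed_cookies(conn: sqlite3.Connection):
    """Return sorted (host_key, name) pairs for cookies the malware would go after."""
    rows = conn.execute("SELECT host_key, name FROM cookies").fetchall()
    return sorted((host, name) for host, name in rows if is_target_host(host))


def purge_cookies(conn: sqlite3.Connection, cookies) -> int:
    """Delete the given (host_key, name) pairs; returns the number of rows removed."""
    cur = conn.cursor()
    removed = 0
    for host, name in cookies:
        cur.execute("DELETE FROM cookies WHERE host_key = ? AND name = ?", (host, name))
        removed += cur.rowcount
    conn.commit()
    return removed


def constructed_db() -> sqlite3.Connection:
    """Constructed sample data mimicking Chrome's schema (subset of columns)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, "
                 "expires_utc INTEGER, encrypted_value BLOB)")
    conn.executemany("INSERT INTO cookies VALUES (?, ?, ?, ?)", [
        (".binance.com",          "JSESSIONID",        0, b"\x00"),
        ("www.coinbase.com",      "_coinbase_session", 0, b"\x00"),
        (".blockchain.com",       "cf_clearance",      0, b"\x00"),
        ("login.blockchain.info", "session",           0, b"\x00"),
        (".example.org",          "theme",             0, b"\x00"),
        ("news.bitcoin.com",      "consent",           0, b"\x00"),
    ])
    return conn


def audit(db_path=None, delete: bool = False) -> int:
    """Audit (and optionally purge) a cookie DB; with no path, uses the constructed sample."""
    conn = constructed_db() if db_path is None else sqlite3.connect(str(db_path))
    exposed = find_exposed_cookies(conn)
    for host, name in exposed:
        print(f"exposed: {host:<25} {name}")
    removed = purge_cookies(conn, exposed) if delete else 0
    conn.close()
    return removed


if __name__ == "__main__":
    # Run on the sample data; pass CHROME_COOKIES (with Chrome closed) to audit the real store.
    audit(delete=True)
```

Deleting the rows logs you out of those services, which is the point: a cookie that no longer exists cannot be exfiltrated. The same idea applies to Safari, whose `Cookies.binarycookies` file uses a different binary format not handled here.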