Palo Alto Networks Unit 42 security researchers have discovered a new type of malware designed to steal cryptocurrency. CookieMiner specifically targets Macs and the browser cookies tied to the victim's logins at cryptocurrency exchanges such as Binance, Bitstamp, Bittrex and Coinbase.
The new malware was found while the researchers were examining the infamous OSX.DarthMiner, which was discovered last year. "We became interested because it is a new variant with additional functionality," researcher Jen Miller-Osborn tells Hard Fork.
Stealing login data
The malware specifically targets login credentials for the various cryptocurrency exchanges. At the same time, CookieMiner also tries to steal passwords saved in Chrome, as well as text messages stored in iTunes backups. Once the attackers have that information, they can fairly easily steal cryptocurrency from victims' accounts.
Stealing the login credentials of exchange users is not enough on its own, since many of them have enabled two-factor authentication (2FA). But if the attacker also holds the authentication cookies, they can present a session that has already passed that check: the site treats the request as coming from a user who has already been verified.
According to Miller-Osborn, the malware takes well-worn attack techniques and repurposes them for the cryptocurrency era. "There are a lot of coinminers and other malware, and the abuse of credentials and cookies stored in the browser is nothing new," says Miller-Osborn. What is newer is attackers using these techniques to gain access to cryptocurrency exchanges while at the same time trying to circumvent the exchanges' protection measures.
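The article describes why a stolen authentication cookie is dangerous: the server trusts the "already verified" state the cookie represents, so 2FA at login does not help once the cookie is replayed. The following Python is an added illustration of two server-side mitigations an exchange can apply; it is not code from Unit 42 or from any exchange named in the article. It binds each session to a client fingerprint captured at login (the fingerprint fields, the time windows and all function names are assumptions chosen for the example) and requires a fresh second-factor confirmation for withdrawals rather than relying on the flag set at login.

```python
"""Session handling that limits what a stolen browser cookie is worth.

Added example, not from the original article or from Unit 42. Assumptions:
the fingerprint is built from User-Agent and client IP, a session lives one
hour, and one 2FA confirmation covers withdrawals for five minutes.
"""
import hashlib
import secrets
import time

SESSION_TTL = 3600       # seconds a login session stays valid (assumed)
STEP_UP_WINDOW = 300     # seconds a 2FA confirmation covers a withdrawal (assumed)


def client_fingerprint(user_agent: str, client_ip: str) -> str:
    """Hash of the client attributes the session is bound to at login."""
    return hashlib.sha256(f"{user_agent}|{client_ip}".encode()).hexdigest()


class SessionStore:
    """In-memory session table keyed by the opaque cookie value."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, totp_ok, user_agent, client_ip, now=None):
        """Issue a cookie value only after password and second factor succeeded."""
        if not totp_ok:
            raise PermissionError("second factor required at login")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": user,
            "fp": client_fingerprint(user_agent, client_ip),
            "issued": now,
            "last_2fa": now,
        }
        return token

    def resolve(self, token, user_agent, client_ip, now=None):
        """Return the session for a cookie value, or None if it is not acceptable."""
        now = time.time() if now is None else now
        sess = self._sessions.get(token)
        if sess is None or now - sess["issued"] > SESSION_TTL:
            return None
        # A cookie replayed from another browser or network does not match the
        # fingerprint captured at login: treat the session as stolen and revoke
        # it, so the legitimate user is forced to log in (and pass 2FA) again.
        if sess["fp"] != client_fingerprint(user_agent, client_ip):
            del self._sessions[token]
            return None
        return sess

    def confirm_second_factor(self, token, totp_ok, now=None):
        """Record a fresh 2FA confirmation for an existing session."""
        now = time.time() if now is None else now
        sess = self._sessions.get(token)
        if sess is not None and totp_ok:
            sess["last_2fa"] = now
            return True
        return False

    def withdraw(self, token, user_agent, client_ip, amount, now=None):
        """High-risk action: needs a valid bound session AND a recent 2FA."""
        now = time.time() if now is None else now
        sess = self.resolve(token, user_agent, client_ip, now)
        if sess is None:
            return "denied: no valid session"
        if now - sess["last_2fa"] > STEP_UP_WINDOW:
            return "step-up: fresh second factor required"
        return f"ok: {sess['user']} withdrew {amount}"


if __name__ == "__main__":
    # Constructed walk-through: a genuine login, then the same cookie value
    # presented from a different client.
    store = SessionStore()
    t0 = 1_000_000.0
    tok = store.login("alice", True, "Safari/605", "203.0.113.10", now=t0)
    print(store.withdraw(tok, "Safari/605", "203.0.113.10", 1.5, now=t0 + 60))
    print(store.withdraw(tok, "curl/8.0", "198.51.100.7", 1.5, now=t0 + 90))
```

Binding the session to the client and revoking it on mismatch is a trade-off: a user whose IP changes mid-session is logged out, but so is an attacker replaying the cookie from elsewhere. The step-up check is the more important of the two, because it means a replayed cookie alone never authorises a withdrawal, whatever the login-time 2FA state was.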
Mining a Japanese cryptocurrency
Stealing credentials and cookies is not all the malware does. It also installs a miner on the victim's system: the XMRig miner, which is usually used to mine Monero. In this case, however, it is configured to mine Koto, a Japanese cryptocurrency. According to Miller-Osborn, there is not yet enough data to indicate who is behind the campaign or where they are located.
Miller-Osborn advises people not to save exchange login data in their browser. Users should regularly clear their browser's cache and cookies, especially when they are logged in to a financial or other sensitive account. This takes little time and ensures that the data is not left sitting in the web browser.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.