“Palo Alto Networks’ Unit 42 recently discovered malware that we believe has been developed from OSX.DarthMiner, a malware known to target the Mac platform,” Palo Alto Networks reports. “This malware is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites visited by the victims. It also steals saved passwords in Chrome. Finally, it seeks to steal iPhone text messages from iTunes backups on the tethered Mac.”
“By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites,” Palo Alto Networks reports. “If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves.”
“The malware also configures the system to load coinmining software on the system. This software is made to look like an XMRig-type coinminer, which is used to mine Monero. In fact, though, it loads a coinminer that mines Koto, a lesser-known cryptocurrency that is associated with Japan,” Palo Alto Networks reports. “Because of the way this malware attacks the cookies associated with exchanges, we have named this malware ‘CookieMiner.'”
Read more in the full article here.
MacDailyNews Take: Cryptocurrency owners, beware! The full article contains further details, including indicators of compromise.