In order to overcome multi-factor authentication systems, a Trojan is supposed to pick up iPhone text messages as well as cookies and passwords.
A newly discovered Mac malware targets users of crypto exchanges. The “CookieMiner” baptized malicious software tries to copy all cookies from the browsers Safari and Chrome, which come from crypto exchanges – including Coinbase, Binance and MyEtherWallet and all websites with the word “Blockchain”, such as the security firm Palo Alto Networks’ Unit 42 lists.
Malware also interested in iPhone text messages
The malware is also out to read access data including passwords and stored credit card data from Google Chrome, collect data and keys from crypto-wallets and even tapping SMS messages that the user has received on his iPhone, according to an analysis of the malware , This is only possible if iPhone backups are backed up locally via iTunes on the Mac (unencrypted).
With this far-reaching combination of stolen data, attackers could even overcome the multifactor authentication systems of crypto exchanges, the security researchers believe – and thus gain complete access to victim’s accounts and wallets.
Distribution and route of infection unknown
By setting up a backdoor, CookieMiner maintains full control of the Mac, allowing it to take further commands from the remote attacker. It also checks whether security software for controlling outgoing network traffic is installed on the Mac, as Unit 42 notes. If so, the pest will not connect to the attackers’ servers. In addition, CookieMiner uses the infected Mac to mine the cryptocurrency Koto.
From the report of the security company is not clear, in which way the pest is distributed. Also for the infection there is no further indication, presumably the user must install the camouflaged malware manually. Mac malware continues to masquerade as a supposed flash update, installers are sometimes delivered over manipulated banners that can appear when calling any web page.
image by Shutterstock
TheBitcoinNews.com – leading Bitcoin News source since 2012
Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. The information does not constitute investment advice or an offer to invest.
TheBitcoinNews.com is is not responsible for the content of external sites and feeds. Sponsored Guest posts, articles or PRs are not always flagged as this!
Do you want see your PR or Guest post here? Advertise with us : Advertise