In order to overcome multi-factor authentication systems, a Trojan is supposed to pick up iPhone text messages as well as cookies and passwords.
A newly discovered Mac malware targets users of crypto exchanges. The “CookieMiner” baptized malicious software tries to copy all cookies from the browsers Safari and Chrome, which come from crypto exchanges – including Coinbase, Binance and MyEtherWallet and all websites with the word “Blockchain”, such as the security firm Palo Alto Networks’ Unit 42 lists.
Malware also interested in iPhone text messages
The malware is also out to read access data including passwords and stored credit card data from Google Chrome, collect data and keys from crypto-wallets and even tapping SMS messages that the user has received on his iPhone, according to an analysis of the malware , This is only possible if iPhone backups are backed up locally via iTunes on the Mac (unencrypted).
With this far-reaching combination of stolen data, attackers could even overcome the multifactor authentication systems of crypto exchanges, the security researchers believe – and thus gain complete access to victim’s accounts and wallets.
Distribution and route of infection unknown
By setting up a backdoor, CookieMiner maintains full control of the Mac, allowing it to take further commands from the remote attacker. It also checks whether security software for controlling outgoing network traffic is installed on the Mac, as Unit 42 notes. If so, the pest will not connect to the attackers’ servers. In addition, CookieMiner uses the infected Mac to mine the cryptocurrency Koto.
From the report of the security company is not clear, in which way the pest is distributed. Also for the infection there is no further indication, presumably the user must install the camouflaged malware manually. Mac malware continues to masquerade as a supposed flash update, installers are sometimes delivered over manipulated banners that can appear when calling any web page.
image by Shutterstock