CookieMiner Mac malware tries to steal your cryptocurrency – as well as mine more

CookieMiner is the latest Mac malware to be discovered. It’s highly targeted, using a clever technique to try to steal your cryptocurrency.

Discovered by security researchers from Palo Alto Networks’ Unit 42, it uses a two-fold attack method to obtain your login credentials and bypass two-factor authentication …

Author Ad Placeholder
Will only appear on redesign env.

TNW reports that CookieMiner tries to grab passwords saved in Chrome, alongside authentication cookies.

Security researchers from Palo Alto Networks’ Unit 42 have identified a new cryptocurrency stealing malware. What has been dubbed as “CookieMiner,” specifically targets Mac users and the cookies related to their logon credentials for cryptocurrency exchanges like Coinbase, Binance, Poloniex, Bittrex and Bitstamp, and Ethereum blockchain service, MyEtherWallet […]

It also attempts to steal passwords saved in Chrome […] Having a person’s login credentials usually isn’t enough to gain access to their account if they have 2FA enabled. However, if the hacker has their authentication cookies too, they can use these to make the login attempt appear as if it’s connected to a previously verified session. If so, the website won’t ask for the login attempt to be authenticated.

Neither technique is new, but Unit 42’s deputy director of threat intelligence Jen Miller-Osborn says it is the focus of this one that distinguishes it from earlier malware.

“There are a lot of coinminers and other malware in the wild and targeting credentials or cookies stored in browsers is not new,” Miller-Osborn added. “Targeting all of these with apparent focus on gaining access to cryptocurrency exchanges and trying to avoid [multi-factor authentication] protections is newer.”

The malware has one other trick up its sleeve: even if it fails to get its hands on your own cryptocurrency, it installs software to use your Mac to mine more without your knowledge.

We would advise to never store financial credentials in your browser, and Unit 42 also recommends clearing your browser caches after logging in to financial accounts.

Back in October, it was discovered that CoinTicker, a Mac app that displays the current price of Bitcoin and other cryptocurrencies in your menu bar, installs backdoors on your Mac that can be exploited in a wide variety of ways.

Photo: Shutterstock

Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel



Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear