New malware discovered by Palo Alto Networks’ Unit 42 is said to steal browser cookies and saved passwords of Mac users to retrieve login credentials for cryptocurrency exchanges and wallets. Researchers believe that the malware, which they’ve named CookieMiner, could potentially bypass multi-factor authentication on these sites, effectively granting attackers full access to a victim’s account.
According to the report, the malware looks through the victim’s browser cookies from Google Chrome and Apple Safari, as well as saved passwords and SMS records from iTunes backups, to find data associated with cryptocurrency wallets and exchange services.
Then, the malware loads the infected machine with coin mining software disguised as a Monero miner. Despite its appearance, the software actually mines Koto, a less popular Zcash-based currency. Finally, CookieMiner downloads another script to grant the attackers remote control of the victim’s device.