Mac malware steals login credentials to access cryptocurrency wallets

New malware discovered by Palo Alto Networks’ Unit 42 is reported to steal browser cookies and saved passwords from Mac users in order to obtain login credentials for cryptocurrency exchanges and wallets. Researchers believe the malware, which they have named CookieMiner, could bypass multi-factor authentication on these sites: a valid session cookie lets an attacker resume a session the victim has already authenticated, so the second factor is never requested, effectively granting full access to the victim’s account.

According to the report, the malware searches the victim’s Google Chrome and Apple Safari browser cookies, the passwords saved in Chrome, and text messages from iPhone backups stored by iTunes (where SMS-based verification codes may be found), looking for data associated with cryptocurrency wallets and exchange services.

Next, the malware installs coin-mining software on the infected machine that looks like a Monero miner but is in fact configured to mine Koto, a lesser-known Zcash-based currency. Finally, CookieMiner downloads a further script that gives the attackers remote control of the victim’s machine.
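To make the multi-factor bypass described above concrete, here is an added example that is not part of the article or of Unit 42’s report: a simulated exchange backend that checks password and TOTP at login, then trusts the session cookie alone. An attacker holding a cookie copied out of the browser’s cookie store is accepted as the victim without ever seeing the second factor. Two mitigations are shown alongside: binding the session to the client’s fingerprint, and requiring a fresh TOTP code (step-up authentication) for withdrawals. The server, the user, the TOTP secret, and the IP addresses are all invented for illustration.

```python
import hashlib
import hmac
import secrets
import struct


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1. The timestamp is passed in explicitly
    so the simulation below is deterministic."""
    msg = struct.pack(">Q", now // step)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def client_fingerprint(ip: str, user_agent: str) -> str:
    """What a server can observe about the client making a request."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class ExchangeServer:
    """Toy exchange backend (invented). Password and TOTP are verified at
    login only; afterwards the session cookie alone identifies the user."""

    def __init__(self, bind_to_client: bool = False, step_up_withdrawals: bool = False):
        # Hypothetical account; the TOTP secret is the RFC 6238 test secret.
        self.users = {"alice": {"password": "correct horse",
                                "totp_secret": b"12345678901234567890"}}
        self.sessions: dict[str, dict] = {}
        self.bind_to_client = bind_to_client
        self.step_up_withdrawals = step_up_withdrawals

    def login(self, user, password, code, fingerprint, now):
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(password, rec["password"]):
            return None
        if not hmac.compare_digest(code, totp(rec["totp_secret"], now)):
            return None
        cookie = secrets.token_urlsafe(32)  # the value a browser would store
        self.sessions[cookie] = {"user": user, "fingerprint": fingerprint}
        return cookie

    def withdraw(self, cookie, fingerprint, now, code=None):
        sess = self.sessions.get(cookie)
        if sess is None:
            return "denied: no session"
        if self.bind_to_client and sess["fingerprint"] != fingerprint:
            return "denied: session bound to another client"
        if self.step_up_withdrawals:
            secret = self.users[sess["user"]]["totp_secret"]
            if code is None or not hmac.compare_digest(code, totp(secret, now)):
                return "denied: fresh MFA required"
        return "ok"


def simulate():
    now = 1_700_000_000
    secret = b"12345678901234567890"
    victim = client_fingerprint("203.0.113.5", "Safari/605")      # invented
    attacker = client_fingerprint("198.51.100.7", "curl/8.0")     # invented
    results = {}

    # 1. As-is: MFA is checked once at login ...
    srv = ExchangeServer()
    cookie = srv.login("alice", "correct horse", totp(secret, now), victim, now)
    results["victim"] = srv.withdraw(cookie, victim, now + 60)
    # ... so whoever holds the cookie (copied from the browser's cookie
    # database) is "alice" from then on, with no second factor asked for.
    results["replay"] = srv.withdraw(cookie, attacker, now + 3600)

    # 2. Session bound to the client fingerprint seen at login.
    srv = ExchangeServer(bind_to_client=True)
    cookie = srv.login("alice", "correct horse", totp(secret, now), victim, now)
    results["replay_bound"] = srv.withdraw(cookie, attacker, now + 3600)

    # 3. Step-up: withdrawals need a fresh TOTP code, which the cookie
    #    thief does not have (the secret lives in the authenticator app).
    srv = ExchangeServer(step_up_withdrawals=True)
    cookie = srv.login("alice", "correct horse", totp(secret, now), victim, now)
    results["replay_step_up"] = srv.withdraw(cookie, attacker, now + 3600)
    results["victim_step_up"] = srv.withdraw(
        cookie, victim, now + 3600, code=totp(secret, now + 3600))
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name:16s} {outcome}")
```

Fingerprint binding is the weaker of the two controls: an attacker who has already read the browser’s profile can usually copy the User-Agent as well and can route traffic through the victim’s network, while legitimate users change IP addresses. Requiring a fresh second factor for withdrawals, API-key creation and similar sensitive actions holds up even when the session cookie is stolen, which is exactly the scenario this malware sets up.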