Mac malware steals login credentials to access cryptocurrency wallets

Hacks • February 1, 2019, 6:00PM EST

UPDATED: February 1, 2019, 2:43PM EST

New malware discovered by Palo Alto Networks’ Unit 42 is said to steal browser cookies and saved passwords of Mac users to retrieve login credentials for cryptocurrency exchanges and wallets. Researchers believe that the malware, which they’ve named CookieMiner, could potentially bypass multi-factor authentication on these sites, effectively granting attackers full access to a victim’s account.

According to the report, the malware looks through the victim’s browser cookies from Google Chrome and Apple Safari, as well as saved passwords and SMS records from iTunes backups, to find data associated with cryptocurrency wallets and exchange services.

Then, the malware loads the infected machine with coin mining software disguised as a Monero miner. Despite its appearance, the software is instead used to mine a less popular Zcash-based currency—Koto. Finally, CookieMiner downloads another script to grant the attackers remote control of the victim’s device.

More by Carol Gaszcz

Scammers send emails impersonating FCA, offering 'guaranteed' cryptocurrency investment opportunity

July 23, 2019, 12:31PM EDT

Bitcoin

49% of Americans have a cash-back credit card, survey shows

July 23, 2019, 11:20AM EDT

The Block

Bitcoin options 'in line with previous halvings' and bullishly pricing calls higher than puts: analyst

SEC charges Texas mining firm and co-founders for $5.6 million fraud scheme

Memecoin airdrops briefly cover cost of Solana ‘Chapter 2’ mobile phone

China's anti-graft watchdog probes former digital currency chief

Pantera acquires additional discounted Solana tokens in FTX bankruptcy auction: report

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro