A new piece of malicious code threatens Mac users: it is called CookieMiner and was discovered by researchers at Unit 42. The name reflects the way it puts victims' information and cryptocurrency wallets at risk.
It is a variant of OSX.DarthMiner, spotted on macOS machines last year, modified with new features designed to make it more effective. Its main activity is to go through the cookies saved by the browser, looking for those belonging to some of the best-known cryptocurrency exchanges and wallet services, such as Coinbase, Binance, Poloniex, Bittrex, Bitstamp and MyEtherWallet. It also attempts to steal passwords saved in Chrome and backups of text messages sent or received on the victim's iPhone, which it uploads to a remote server controlled by the attackers.
With a username, password, text messages and cookies, the attackers can get into the victims' accounts without much difficulty. Normally a username and password alone are not enough to complete a login, at least for users who have enabled two-factor authentication; but whoever holds the session cookie created by the browser can make the service believe the login already took place, so it never asks for the second factor that would prove the account's owner is present. The stolen text messages matter for the same reason: one-time codes delivered by SMS may be among them.
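The paragraph above describes why a stolen session cookie defeats two-factor authentication: the server trusts the cookie as proof that the second factor was already checked. The following is an added example, not code from the article or from Unit 42, that models this in a toy service and shows one server-side mitigation: binding the session to a coarse client fingerprint and re-challenging for 2FA when the same cookie arrives from a different client. The service class, the user store, the fingerprint recipe and the sample IPs and user agents are all assumptions constructed for the example.

```python
"""Added example (not from the original article): a toy web service showing how a
replayed session cookie skips 2FA, and how binding sessions to the client catches it.
All names, users, addresses and fingerprint details are constructed assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict

# Constructed credential store and expected one-time code for the demo only.
USERS = {"alice": "hunter2"}
EXPECTED_TOTP = "123456"


@dataclass
class Session:
    user: str
    twofa_done: bool      # second factor was verified when the session was created
    client_fp: str        # fingerprint of the client the session was issued to


@dataclass
class Request:
    cookie: str
    ip: str
    user_agent: str


def fingerprint(ip: str, user_agent: str) -> str:
    """Coarse client fingerprint; real services would use more and better signals."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class Exchange:
    """Toy exchange login. With bind_sessions=False any holder of the cookie is
    treated as the already-authenticated user, which is what CookieMiner abuses."""

    def __init__(self, bind_sessions: bool):
        self.bind_sessions = bind_sessions
        self.sessions: Dict[str, Session] = {}

    def login(self, user: str, password: str, totp: str, ip: str, user_agent: str) -> str:
        expected = USERS.get(user, "")
        if not (hmac.compare_digest(password, expected) and hmac.compare_digest(totp, EXPECTED_TOTP)):
            raise ValueError("bad credentials or one-time code")
        # Session cookie issued only after both factors passed.
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = Session(user, True, fingerprint(ip, user_agent))
        return cookie

    def authorize(self, req: Request) -> str:
        """Return 'ok', 'need_2fa' or 'denied' for a request that carries a cookie."""
        sess = self.sessions.get(req.cookie)
        if sess is None:
            return "denied"
        if self.bind_sessions:
            fp = fingerprint(req.ip, req.user_agent)
            if not hmac.compare_digest(fp, sess.client_fp):
                # Same cookie, different client: treat it as a new device and re-challenge.
                return "need_2fa"
        return "ok" if sess.twofa_done else "need_2fa"


def simulate() -> dict:
    """Victim logs in with password + 2FA; the stolen cookie is replayed from another host."""
    # Constructed sample clients: the victim's Mac and the attacker's machine.
    victim = dict(ip="203.0.113.10", user_agent="Mozilla/5.0 (Macintosh) Chrome/72")
    attacker = dict(ip="198.51.100.7", user_agent="python-requests/2.21")
    results = {}
    for mode in ("unbound", "bound"):
        svc = Exchange(bind_sessions=(mode == "bound"))
        cookie = svc.login("alice", "hunter2", "123456", **victim)
        results[mode] = {
            "victim": svc.authorize(Request(cookie, **victim)),
            "attacker_replay": svc.authorize(Request(cookie, **attacker)),
            "bogus_cookie": svc.authorize(Request("not-a-real-cookie", **attacker)),
        }
    return results


if __name__ == "__main__":
    for mode, outcome in simulate().items():
        print(mode, outcome)
```

In the unbound mode the attacker's replay is authorized exactly like the victim's own request, which is the bypass the article describes; in the bound mode the same cookie from a different client is sent back to the second-factor step. Fingerprint binding is a partial measure (an attacker can spoof the user agent, and mobile users change IP addresses), so it complements rather than replaces short session lifetimes and re-authentication before withdrawals.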
Malware and a miner for Koto
That is not all: the malware also installs a miner on the victim's computer, software that works silently in the background to produce value in the form of cryptocurrency. Obviously the proceeds do not end up in the pockets of the affected users but go to a wallet whose owners remain unknown.
That is why the chosen currency is Koto, a cryptocurrency traded mainly in Japan and built on a protocol that makes it almost impossible to identify the recipients of transactions, rather than Monero, which other malware with similar functionality usually mines. The choice may also have been made to misdirect researchers and investigators by drawing attention to Japan.