CookieMiner Malware for Mac Steals Credentials and Credit Card Data

Delaware, USA – February 5, 2019 – A new threat for Mac users is designed to steal credentials and browser cookies, as well as cryptocurrency wallet data and keys. At the end of last year, several new malware strains for Mac were discovered, and adversaries used some pieces of code from them to create CookieMiner. Researchers from PaloAlto Networks analyzed this malware and noted that it leverages EmPyre backdoor, has the capability of stealing credit card data and stored SMS and has a module to mine Koto cryptocurrency. CookieMiner’s primary task is to collect and exfiltrate to adversaries enough data to bypass two-factor authentication at wallet services and cryptocurrency exchanges, so malware monitors cookies in Safari and Chrome browsers and sends data related toMyEtherWallet, Bittrex and several other exchanges to the adversaries’ server. Theft of payment card data and cryptocurrency mining are additional means to monetize the attack. It is not yet known exactly how CookieMiner infects systems.

Recently, Mac users have attracted the increasing attention of cybercriminals, including APT groups. Last year, the Lazarus group attacked cryptocurrency exchange with Fallchill malware, and Windshift APT used WindTape malware to attack Mac users during a cyber espionage campaign. You can use APTFramework rule pack to secure your organization against advanced threats and highly-targeted attacks: https://my.socprime.com/en/integrations/apt-framework-arcsight