Mac malware uses browser cookies to try to steal cryptocurrencies

New malware discovered by Unit 42 of Palo Alto Networks should raise a warning flag among Mac users who manage and mine cryptocurrencies.

Identified as CookieMiner, the malware is a variant of OSX.DarthMiner. It uses cookies stored in browsers to try to capture login data (and even authentication keys) in order to steal cryptocurrencies held with services such as Binance, Poloniex, Bitstamp and MyEtherWallet, along with other data from infected users.

It is designed to target both Safari and Chrome, and can even access your digital wallets and capture passwords and credit cards stored in the browsers (the range of data is much wider in the case of Chrome, however). It also tries to steal messages stored in iPhone backups on iTunes.

Think that's all? No. The malware also takes the opportunity to install its own mining software on the user's machine, based on the (little-known) Japanese cryptocurrency Koto.

Palo Alto Networks has already taken steps to protect users of its WildFire technology, at least until Apple blocks this threat through the macOS XProtect system. Users are advised to clear cookies from their browsers and not to store login data for such cryptocurrency services locally.

via ZDNet