Mac Malware Steals Cookies and Mines Cryptocurrency
Palo Alto discovered new Mac malware, dubbed CookieMiner, which examines Safari and Chrome browser cookies, extracts login credentials and credit card information, and steals and trades the contents of cryptocurrency wallets. Because it also steals SMS data from iTunes backups, it could potentially be used to bypass multi-factor authentication and impersonate the user from their own system. It also loads a coinminer, enabling threat actors to secretly mine the Japanese anonymous cryptocurrency Koto. The NJCCIC advises users to avoid clicking on ads on webpages or pop-ups; refrain from downloading any software from unofficial channels or sites; and ensure hardware, software, and anti-virus/anti-malware are up to date. We also recommend reviewing security settings and digital assets to prevent data compromise and leakage. Palo Alto has published technical details and behaviors of the CookieMiner malware.