A new Mac malware, dubbed CookieMiner, steals user browser data and financial information. The malware’s capabilities include:
Steals Google Chrome and Apple Safari browser cookies from the victim’s machine,
Steals saved usernames and passwords in Chrome,
Steals saved credit card credentials in Chrome,
Steals iPhone’s text messages if backed up to Mac,
Steals cryptocurrency wallet data and keys,
Mines cryptocurrency on the victim’s machine, and
Maintains control of the infected machine using the EmPyre backdoor.
Its ability to steal SMS data from iTunes backups creates the potential to bypass SMS-based multi-factor authentication and impersonate the user from their own system.
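Because the SMS theft described above only works when an iPhone backup sits unprotected on the Mac, a practical defensive check is to audit the local backups for encryption. The script below is an added example, not code from the original post or from Unit 42; it assumes the standard macOS backup location and the IsEncrypted key in each backup's Manifest.plist, and it builds constructed sample backups in a temporary directory so it runs offline.

```python
import plistlib
import tempfile
from pathlib import Path
from typing import Dict, List

# Assumption: default location of iTunes/Finder iPhone backups on macOS.
DEFAULT_BACKUP_ROOT = Path.home() / "Library" / "Application Support" / "MobileSync" / "Backup"


def audit_backup(backup_dir: Path) -> Dict[str, str]:
    """Report whether one backup folder is encrypted, based on its Manifest.plist."""
    manifest = backup_dir / "Manifest.plist"
    if not manifest.is_file():
        return {"backup": backup_dir.name, "status": "no-manifest", "device": "unknown"}
    with manifest.open("rb") as fh:
        data = plistlib.load(fh)
    # Assumption: the IsEncrypted boolean marks password-protected backups.
    encrypted = bool(data.get("IsEncrypted", False))
    device = data.get("Lockdown", {}).get("DeviceName", "unknown")
    return {
        "backup": backup_dir.name,
        "status": "encrypted" if encrypted else "UNENCRYPTED",
        "device": device,
    }


def audit_backups(root: Path = DEFAULT_BACKUP_ROOT) -> List[Dict[str, str]]:
    """Audit every backup folder under root; an empty list means no backups found."""
    if not root.is_dir():
        return []
    return [audit_backup(p) for p in sorted(root.iterdir()) if p.is_dir()]


def make_sample_backups(root: Path) -> None:
    """Constructed sample data: one encrypted and one unencrypted backup."""
    for name, encrypted in (("aaaa1111", True), ("bbbb2222", False)):
        folder = root / name
        folder.mkdir(parents=True)
        with (folder / "Manifest.plist").open("wb") as fh:
            plistlib.dump({"IsEncrypted": encrypted,
                           "Lockdown": {"DeviceName": "Sample iPhone"}}, fh)


def demo() -> List[Dict[str, str]]:
    """Run the audit against the constructed samples instead of the real backup folder."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_backups(Path(tmp))
        return audit_backups(Path(tmp))


if __name__ == "__main__":
    for finding in audit_backups() or demo():
        print(f"{finding['backup']}  {finding['device']}  {finding['status']}")
```

Any backup reported as UNENCRYPTED exposes its message database to malware running as the logged-in user; turning on encrypted backups in Finder or iTunes removes that exposure.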
Reporting and Technical Details
Palo Alto Networks' Unit 42 provides technical details on CookieMiner here.