CookieMiner

A new Mac malware, dubbed CookieMiner, steals user browser data and financial information. The malware’s capabilities include:

  • Steals Google Chrome and Apple Safari browser cookies from the victim’s machine,

  • Steals saved usernames and passwords in Chrome,

  • Steals saved credit card credentials in Chrome,

  • Steals iPhone’s text messages if backed up to Mac,

  • Steals cryptocurrency wallet data and keys,

  • Mines cryptocurrency on the victim’s machine, and

  • Maintains control of the infected machine using the EmPyre backdoor.

Its ability to steal SMS data from iTunes backups creates the potential to bypass multi-factor authentication and impersonate the user from their own system.

Reporting and Technical Details

  • Palo Alto Networks' Unit 42 provides technical details on CookieMiner here.