A new kind of malware is attacking MacOS user now. Security researchers at Palo Alto Networks Unit 42 published a report about the newly-discovered cyber threat designed for Mac operating systems.
The malware is designed to steal Chrome or Safari cookies of cryptocurrency exchanges and wallet services, as well as saved passwords and credit cards in Chrome.
It also attempts to steal iPhone text messages from iTunes backups, which Unit 42 researchers said they believe could be used to bypass two-factor authentication (2FA) for cryptocurrency exchanges.
The malicious code targets exchanges including Binance, Coinbase, Poloniex, Bittrex, Bitstamp, and MyEtherWallet, as well as any website having “blockchain” in its domain name, the researchers found.
Like the older malware, the CookieMiner malware can modify computers so that they covertly install software for the purpose of cryptocurrency mining, in which computers perform online calculations to assist in authenticating cryptocurrency transactions.
In doing so, it generates digital tokens for the user as a reward. In this case, the CookieMiner malware will cause computers to “mine Koto, a lesser-known cryptocurrency that is associated with Japan,” the report said.
The researchers suggested that cryptocurrency users should keep “an eye on their security settings and digital assets to prevent compromise and leakage.” They also noted that the malware checks if an application firewall program called Little Snitch is running on a victim’s computer. “If so, it will stop and exit,” they said.
