Monday, July 15, 2024
EHA

Mac Malware Steals Cookies & saved Passwords when Users Visiting Crypto Exchange Service Websites

A new dangerous Mac Malware discovered that stealing the cookies when users visiting a website that belongs to cryptocurrency exchanges and wallet service along with saved credentials from Chrome Browers.

“Web cookies are widely used for authentication. Once a user logs into a website, its cookies are stored for the web server to know the login status. If the cookies are stolen, the attacker could potentially sign into the website to use the victim’s account.”

Cybercriminals using various crypto mining malware to steal the cryptocurrencies in the exchange platform, in this case, researchers believe that the malware developed by OSX.DarthMiner.

Attackers can able to access the victim’s crypto exchange wallet and steal the funds if the victims will be compromised by this Mac malware.

Also based on the attack scenario that steals login credentials, web cookies, and SMS data, attackers bypass the multi-factor authentication.

It named as “Cookieminer” based on the malware nature that steals the Browser cookies that associate with the crypto wallet and exchanges.

Mac Malware Infection process

Initially, An attackers can inject the shell script into targeting MacOS and steal the Safari browser’s cookies and uploaded into remote server.

Mac Malware

Also, the malware targeting widely used well-known crypto exchanges including Binance, Coinbase, Poloniex, Bittrex, Bitstamp, MyEtherWallet, and any website having “blockchain” in its domain name such as www.blockchain[.]com.

This Mac Malware Also Targeting Google Chrome browser where it steals the stored passwords using a python script called harmlesslittlecode.py” that helps attackers to extract saved login credentials and credit card information.

According to Palo Alto Networks, “CookieMiner adopts techniques from the Google Chromium project’s code for its decryption and extraction operations and abuses them. Google Chromium is an open-source version of the Google Chrome browser. By abusing these techniques, CookieMiner attempts to steal credit card information from major issuers, such as Visa, Mastercard, American Express”

Once the Mac malware collects the relevant information then it communicate with C&C Server and upload the entire stolen data.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles