Crypto wallets under threat from ‘CookieMiner’ malware

Cybersecurity experts are warning the crypto community about a new malware that can give hackers access to cryptocurrency exchanges and wallet service websites.

Palo Alto Networks’ global threat intelligence team Unit 42 recently discovered malware it has dubbed ‘CookieMiner’.

The malware is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites visited by the victims.

It also steals saved passwords in Chrome and iPhone text messages from iTunes backups on the tethered Mac.

A Unit 42 statement said: “By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites.

“If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves.”

Hidden software

The malware also configures the system to load coin mining software. This software is made to look like an XMRig-type coin miner, which is used to mine Monero.

But it actually loads a coin miner that mines Koto.

Unit 42 adds that attackers could manipulate cryptocurrency prices with large-volume buying and selling of stolen assets, resulting in additional profits.

In 2018, crypto mining overtook ransomware as the cybercriminal tool of choice.

Crypto mining attacks represented 27% of all incidents last year, up from 9% in 2017.

They are faster to execute, generate profit for the attacker over a longer period of time, and often can occur without the victim’s knowledge.