
Rewterz Threat Alert – Malware Steals Cryptocurrency Wallets and Credit Card Credentials

February 6, 2019

SEVERITY : Medium

CATEGORY: Cyber-crime

CookieMiner is a new malware strain that exfiltrates web browser cookies associated with online wallet services and cryptocurrency exchange websites. It can also harvest passwords, text messages, and credit card credentials on Mac devices, reports BleepingComputer. For a coded and secure communication channel, the attackers use the EmPyre backdoor to send arbitrary commands to the target Macs after the initial infection.

The attack starts with a shell script that collects browser cookies associated with cryptocurrency services and uploads them to a remote server. The targeted services include Binance, Coinbase, Poloniex, Bittrex, Bitstamp, MyEtherWallet, and any website with a domain name associated with blockchain.

The malware also extracts credit card information and login credentials from the data stored locally by Apple’s Safari and Google’s Chrome, and it scans the machine for cryptocurrency wallet information.

IMPACT

  • Steals Google Chrome and Apple Safari browser cookies from the victim’s machine
  • Steals saved usernames and passwords in Chrome
  • Steals saved credit card credentials in Chrome
  • Steals iPhone’s text messages if backed up to Mac
  • Steals cryptocurrency wallet data and keys
  • Maintains full control of the victim’s machine through the EmPyre backdoor
  • Mines cryptocurrency on the victim’s machine

INDICATORS OF COMPROMISE

IP(s) / Hostname(s)

46.226.108[.]171

URLs

hxxps://ptpb[.]pw/OAZG

Filename

  • OAZG
  • com[.]apple[.]rig2[.]plist
  • output[.]115113432[.]txt
  • com[.]proxy[.]initialize[.]plist
  • xmrig2
  • harmlesslittlecode[.]py
  • uploadminer[.]sh

Malware Hash (MD5/SHA1/SHA256)

Remediation

Block the listed threat indicators at the respective security controls. Do not save credentials in these browsers.
