SEVERITY : Medium
CookieMiner is a newly reported macOS malware strain that exfiltrates web browser cookies associated with online wallet services and cryptocurrency exchange websites. It also harvests saved passwords, credit card details and text messages from infected Macs, reports BleepingComputer. For command and control after the initial infection, the attackers install the EmPyre backdoor, which lets them send arbitrary commands to the compromised Macs.
The attack starts with a shell script that collects browser cookies tied to cryptocurrency sites and uploads them to a remote server. The targeted sites are the exchanges and wallet services Binance, Coinbase, Poloniex, Bittrex, Bitstamp and MyEtherWallet, plus any website whose domain name contains the word "blockchain". The malware additionally runs a cryptocurrency miner on the infected Mac.
The malware extracts saved login credentials and credit card information from the data Google Chrome stores locally, alongside the cookies it takes from both Apple's Safari and Chrome, and also scans the system for cryptocurrency wallet files and keys. The combination matters: a stolen cookie for an already-authenticated exchange session can let the attacker reuse that session and sidestep the multi-factor prompt that would normally protect a fresh login with the stolen password.
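The following is an added detection example, written for this advisory and not code from the original report or from the malware itself. It shows the two checks a responder would want for the behaviour described above: flagging any non-browser process that reads Chrome's or Safari's cookie and credential stores on macOS and then makes an outbound connection shortly afterwards (the "collect and upload" pattern), and classifying cookie hostnames against the exchange and wallet domains CookieMiner targets so the right sessions can be revoked. The event schema, the allow-list of legitimate readers, the exact domain names and the sample events are all assumptions constructed for the example.

```python
import fnmatch
from dataclasses import dataclass

# macOS browser artefacts a cookie/credential stealer reads (assumed paths; ~ already expanded).
SENSITIVE_BROWSER_FILES = (
    "*/Library/Application Support/Google/Chrome/*/Cookies",
    "*/Library/Application Support/Google/Chrome/*/Login Data",   # saved passwords
    "*/Library/Application Support/Google/Chrome/*/Web Data",     # autofill incl. credit cards
    "*/Library/Cookies/Cookies.binarycookies",                     # Safari cookies
)

# Processes expected to touch those files (assumed allow-list; tune to your fleet).
ALLOWED_READERS = {"Google Chrome", "Safari", "backupd", "mds"}

# Exchange/wallet domains named in the report (domain spellings are assumptions).
TARGETED_DOMAINS = ("binance.com", "coinbase.com", "poloniex.com",
                    "bittrex.com", "bitstamp.net", "myetherwallet.com")


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed)
    pid: int
    ppid: int
    process: str
    action: str    # "open" for a file read, "connect" for an outbound TCP connection
    target: str    # file path for open, "host:port" for connect


def is_sensitive_path(path: str) -> bool:
    """True if the path is one of the browser cookie/credential stores above."""
    return any(fnmatch.fnmatch(path, pat) for pat in SENSITIVE_BROWSER_FILES)


def is_targeted_cookie_host(host: str) -> bool:
    """Would CookieMiner collect a cookie scoped to this host? Mirrors the report's
    domain list plus the 'any domain containing blockchain' rule."""
    host = host.lstrip(".").lower()
    if "blockchain" in host:
        return True
    return any(host == d or host.endswith("." + d) for d in TARGETED_DOMAINS)


def detect(events, window=300):
    """Correlate reads of browser credential stores by non-browser processes with an
    outbound connection from that process, or a child of it, within `window` seconds.
    Returns a list of alert dicts; reads alone are medium, read-then-connect is high."""
    alerts = []
    readers = {}  # pid -> first suspicious read time, process name, paths read
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "open" and is_sensitive_path(ev.target) and ev.process not in ALLOWED_READERS:
            entry = readers.setdefault(ev.pid, {"ts": ev.ts, "process": ev.process, "paths": []})
            entry["paths"].append(ev.target)
            alerts.append({"severity": "medium", "pid": ev.pid, "process": ev.process,
                           "reason": f"non-browser process read {ev.target}"})
        elif ev.action == "connect":
            src = readers.get(ev.pid) or readers.get(ev.ppid)
            if src and 0 <= ev.ts - src["ts"] <= window:
                alerts.append({"severity": "high", "pid": ev.pid, "process": ev.process,
                               "reason": f"outbound {ev.target} within {window}s of "
                                         f"{src['process']} reading {', '.join(src['paths'])}"})
    return alerts


# Constructed sample telemetry: Chrome reading its own cookies (benign), a shell reading
# Chrome and Safari stores, a child curl uploading, and an unrelated connection.
SAMPLE_EVENTS = [
    Event(100, 501, 1,   "Google Chrome", "open",
          "/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies"),
    Event(200, 777, 410, "bash", "open",
          "/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies"),
    Event(202, 777, 410, "bash", "open",
          "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"),
    Event(203, 777, 410, "bash", "open",
          "/Users/alice/Library/Cookies/Cookies.binarycookies"),
    Event(230, 778, 777, "curl", "connect", "198.51.100.7:443"),
    Event(900, 779, 410, "bash", "connect", "203.0.113.5:443"),
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["severity"].upper(), a["pid"], a["process"], a["reason"])
```

Run against the constructed events the rules raise three medium alerts for the shell's reads and one high alert for the child `curl` connection; the later, unrelated connection is ignored because neither it nor its parent touched a browser store. In production the window and allow-list need tuning, and `is_targeted_cookie_host` is meant for triage of a cookie database dump, not for blocking.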
INDICATORS OF COMPROMISE
IP(s) / Hostname(s)
Malware Hash (MD5/SHA1/SHA256)
Block the threat indicators at their respective controls (perimeter firewall, web proxy, DNS filtering and endpoint protection). Do not store login credentials or payment card details in the saved-password and autofill stores of these browsers. After remediating an infected Mac, sign out of all cryptocurrency exchange and wallet sessions and rotate the affected passwords, since a stolen session cookie remains usable by the attacker until that session is revoked.