Cryptocurrency markets may be struggling, having fallen by around 80% in the last year, but the efforts to steal them haven't stopped. Now a new piece of malware, nicknamed 'CookieMiner', has been discovered by Palo Alto Networks that, just as the name suggests, steals browser cookies for cryptocurrency exchange and wallet-provider websites.
The malware was discovered by the Unit 42 team at Palo Alto Networks and is believed to be a derivative of OSX.DarthMiner, a known malware family that targets the macOS platform.
CookieMiner does more than just steal cookies
While the name suggests it only steals cookies, which an attacker can use to log in to the victim's exchange or wallet account and initiate a transfer, it does much more.
Apart from stealing cookies from Apple Safari and Google Chrome, CookieMiner can also:
- Steal usernames and passwords saved in Chrome
- Steal credit card details stored in Chrome
- Steal iPhone text messages (from iTunes backups of the phone kept on the Mac), which can be used to intercept 2FA codes and one-time passwords (OTPs)
- Steal cryptocurrency wallet data and keys
- Install a backdoor (EmPyre) to retain full control of the system
The malware also installs coin-mining software on the system, hidden from the victim, that mines an obscure cryptocurrency named Koto, which is mostly used in Japan and suggests the attackers may be based there.
This is peculiar, since most cryptomining malware mines Monero, which offers stronger privacy. In fact, according to one research estimate, around 5% of all Monero in circulation was mined by malware.
Clearly, the malware is designed not just to hijack sessions by stealing cookies but also to bypass multi-factor authentication: a stolen session cookie lets the attacker into an account that has already passed MFA, so no second factor is ever requested, and the stolen text messages supply any SMS codes needed if the exchange does ask for one, for example before a withdrawal.
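To make the session-hijacking point concrete, here is an added example (not code from the article or from Unit 42's analysis) of a minimal server-side session store. It issues an opaque session cookie after password plus MFA, then shows two authorization checks: the common one, which accepts any unexpired token and is therefore defeated by a stolen cookie, and a hardened one that binds the session to a coarse client fingerprint and revokes it on mismatch. The key, the fingerprint scheme (first three IPv4 octets plus User-Agent) and the sample IPs and User-Agent strings are all constructed for this example.

```python
"""Session-cookie hijack demo: why a stolen cookie bypasses MFA, and one mitigation."""
import hashlib
import hmac
import secrets
import time

# Constructed example key; a real deployment loads this from a secret store.
SERVER_KEY = b"example-only-key-not-for-production"


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Coarse client binding: first three IPv4 octets plus User-Agent, keyed with HMAC.
    Binding to the /24 rather than the exact address (an assumption made here)
    tolerates DHCP churn but still catches replay from a different network."""
    network = ".".join(ip.split(".")[:3])
    msg = f"{network}|{user_agent}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class SessionStore:
    """Minimal in-memory session table keyed by the value stored in the cookie."""

    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        self.sessions: dict = {}

    def login(self, user: str, ip: str, user_agent: str, mfa_passed: bool) -> str:
        """Issue a session cookie value after password + MFA succeed.
        The cookie is an opaque random token; all state lives server-side."""
        if not mfa_passed:
            raise PermissionError("MFA required at login")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {
            "user": user,
            "fingerprint": client_fingerprint(ip, user_agent),
            "expires": time.time() + self.ttl,
        }
        return sid

    def authorize_unbound(self, sid: str) -> str:
        """Weak check: any unexpired session token is accepted, wherever it comes from.
        This is the behaviour a cookie stealer relies on: MFA is never asked again."""
        s = self.sessions.get(sid)
        if s is None or s["expires"] < time.time():
            return "denied"
        return "allowed"

    def authorize_bound(self, sid: str, ip: str, user_agent: str) -> str:
        """Hardened check: the token must be presented by a client matching the
        fingerprint recorded at login; otherwise revoke it and force step-up auth."""
        s = self.sessions.get(sid)
        if s is None or s["expires"] < time.time():
            return "denied"
        if not hmac.compare_digest(s["fingerprint"], client_fingerprint(ip, user_agent)):
            del self.sessions[sid]  # burn the session so the stolen copy is useless
            return "step_up_required"
        return "allowed"


def simulate_cookie_theft() -> dict:
    """Victim logs in with MFA; the attacker replays the exfiltrated cookie elsewhere."""
    store = SessionStore()
    # Constructed sample clients (documentation-range IPs, illustrative User-Agents).
    victim_ip, victim_ua = "203.0.113.10", "Mozilla/5.0 (Macintosh) Safari/605.1"
    attacker_ip, attacker_ua = "198.51.100.7", "Mozilla/5.0 (X11; Linux) Chrome/71"
    cookie = store.login("alice", victim_ip, victim_ua, mfa_passed=True)

    return {
        "victim_unbound": store.authorize_unbound(cookie),
        "attacker_unbound": store.authorize_unbound(cookie),  # accepted, no MFA prompt
        "victim_bound": store.authorize_bound(cookie, victim_ip, victim_ua),
        "attacker_bound": store.authorize_bound(cookie, attacker_ip, attacker_ua),
        # the mismatch revoked the session, so even the victim must log in again
        "victim_after_revoke": store.authorize_bound(cookie, victim_ip, victim_ua),
    }


if __name__ == "__main__":
    for check, outcome in simulate_cookie_theft().items():
        print(f"{check:22s} {outcome}")
```

The binding check is a mitigation, not a cure: an attacker who also steals the User-Agent and tunnels through the victim's network will match the fingerprint. The stronger controls are the ones exchanges already lean on, namely short session lifetimes and a fresh second factor on sensitive actions such as withdrawals, which is exactly why CookieMiner also goes after the SMS codes.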
Crypto market may be down, but crypto theft is up
CookieMiner is just the latest in a series of threats that have emerged in recent times. While the cryptocurrency market has shrunk by 80% from its peak of $600 billion, the value of cryptocurrency stolen has risen by 400% to $1.7 billion compared with the previous year.
And these are only the figures validated as legitimate hacks; the unvalidated number is likely several times higher.