Malware that steals from Crypto Wallets of Mac Users


PaloAlto Networks recently discovered a Malware that steals from crypto wallets . This Malware targets Mac users to steal contents of their cryptocurrency wallets. It generally steals the Browser’s cookies associated with the Credentials of the cryptocurrency wallet.

The malware is named “cookieminer” because of its ability to steal Browser cookies associated with the Cryptocurrency wallet services.


This Malware targets :

  • Google Chrome and Apple Safari browser’s cookies associated with cryptocurrency exchange and wallet service websites.
  • Usernames, passwords and Credit card information saved in Chrome web browser.
  • Cryptocurrency wallet data and keys.
  • iPhone’s text messages of victims stored in iTunes backups.

It is currently unknown how this Malware gains unauthorized access to systems , But once it gets into the system, the malware scans cookies to check if they are linked with any cryptocurrency service website.

Some target sites that this malware scans for are Binance, Coinbase, Poloniex, Bittrex, Bitstamp and MyEtherWallet. This malware then uses a simple shell script operation to steal browser cookies, then uploads them to a remote server.

Attackers can now simply impersonate the victim and login into their accounts without any suspicion.

Once the hacker login to the victim’s account then the hacker have the same privileges as the original user did although users can prevent this from happening by securing their accounts with good security mechanisms.

This malware not just steals cookies but also plants a Cryptojacker into the Compromised OSX machines, enabling Hackers to secretly mine digital currency using the compromised computer’s resources. This malware mines privacy-focused cryptocurrency called koto, used in Japan.

The CookieMiner also plants a script for persistence and remote control of the compromised machine after sending the cookie files to the remote server , Allowing themselves to completely own the target computer for further attacks. Although this all currently appears to be related to mining.

How to be safe?

Cryptocurrency owners should keep an eye on their security settings and digital assets to prevent compromise and leakage.

Leave a Reply

Your email address will not be published. Required fields are marked *

Single Column Posts

Single Column Posts Subtitle