CookieMiner
CookieMiner is macOS malware that steals sensitive user data, opens a backdoor on the infected machine and downloads and runs a cryptominer. It is able to do the following:
- Steal cookies from the Chrome and Safari browsers
- Steal usernames and passwords saved in Chrome
- Steal credit card details saved in Chrome (Visa, Mastercard and others)
- Steal iPhone SMS messages, if they have been backed up to iTunes on the machine
- Download and install additional files that provide a backdoor on the infected machine
- Download and execute the cryptominer
Source: PaloAlto
Below is an excerpt of the malware code that extracts the saved usernames and passwords from Chrome (screenshot from the Palo Alto report, not reproduced here):
Source: PaloAlto
For remote control, CookieMiner downloads EmPyre, an open-source post-exploitation agent (https://research.checkpoint.com/macos-malware-pedia/#empyre).
Source: CheckPoint
Links:
Samples:
SHA-1: 587ca10c466b1793a03cf23203bcb751c3633718