Best Top Reviews Online

New Mac Malware Steals From Cryptocurrency Wallets Via Cookies

Mac users should be wary of newly discovered malware that attempts to withdraw funds from their cryptocurrency exchange accounts by stealing their web browser cookies and credentials.

CookieMiner was designed specifically to target Mac users and is believed to be based on DarthMiner, another Mac-specific malware that was discovered in December of last year.

CookieMiner, which was discovered by Palo Alto Networks’ Unit 42 security research team, also secretly installs coin mining software on infected Macs to mine additional cryptocurrencies using the compromised Mac’s system resources.

In the case of CookieMiner, the software appears to be optimized for mining “Koto,” a lesser-known, privacy-focused cryptocurrency primarily used in Japan.

However, the most intriguing feature of the new Mac malware is its ability to steal:

  • Popular cryptocurrency exchanges and wallet service websites are associated with cookies in both Google Chrome and Apple Safari.
  • Saved usernames, passwords, and credit card data in the Chrome web browser.
  • Data and keys about a cryptocurrency wallet.
  • iTunes backups store victims’ iPhone text messages.

Regarding the targeted cryptocurrency exchanges and wallet services, CookieMiner was found to target Binance, Coinbase, Poloniex, Bittrex, Bitstamp, MyEtherWallet, and any website containing “blockchain” in its domain name and employing cookies to temporarily track users.

By combining stolen login credentials, web cookies, and SMS data, an attacker could bypass two-factor authentication for exchange sites and steal cryptocurrencies from the victim’s wallets and accounts.

“If only the username and password are stolen and used by a malicious actor, the website may issue an alert or require additional authentication for a new login,” the researchers wrote in a Thursday blog post.

“However, if an authentication cookie is provided in addition to the username and password, the website may believe the session is associated with a previously authenticated system host and not issue a warning or request additional authentication methods.”

It should be noted that researchers have not yet discovered evidence that attackers have successfully withdrawn funds from any user’s wallet or account, but are speculating based on the behavior of the malware.

Furthermore? CookieMiner utilizes the EmPyre backdoor for post-exploitation control, enabling attackers to send remote commands to infected Mac computers.

EmPyre is a Python post-exploitation agent that stops and exits if it detects the Little Snitch application firewall running on the victim’s machine. It is also possible to configure the agent to download additional files.

Although it is unclear how the CookieMiner malware is initially distributed to victims, it is believed that users are tricked into downloading malware-infected software onto their computers.

Palo Alto Networks has already reported the issue to the targeted cryptocurrency exchanges and wallet services, as well as Apple and Google.

Since the researchers believe that the CookieMiner campaign is still active, the most effective way to avoid falling victim to such malware attacks is to avoid saving your credentials or credit card information in your web browsers and to avoid downloading apps from third-party platforms.

When visiting your banking or financial accounts, you should also consider clearing your cookies and “monitor their security settings and digital assets to prevent compromise and leakage,” according to researchers.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of