The IT security researchers at Palo Alto Networks’ Unit 42 have discovered a dangerous new Mac malware capable of targeting devices for multiple purposes, including stealing cryptocurrency.
Dubbed CookieMiner by the researchers, the Mac malware is a variant of OSX.DarthMiner, another nasty piece of malware known for targeting macOS. But CookieMiner aims at much more than its predecessor.
According to the researchers, the malware steals browser cookies and checks which cryptocurrency exchanges the victim has visited. This allows CookieMiner’s authors to steal cryptocurrency. It also steals credit card details and passwords saved in the victim’s Chrome browser; however, it is unclear whether the malware targets any browser other than Chrome.
To keep full control of the system, CookieMiner also drops EmPyre, a backdoor discovered in December last year targeting Mac devices through the Adobe Zii app, which is designed to aid in the piracy of a variety of Adobe applications.
Furthermore, the malware targets iTunes backups to steal iPhone text messages synchronized to the device. The researchers believe that the purpose of stealing iPhone text messages is to use them alongside stolen passwords to bypass multi-factor authentication on cryptocurrency exchanges and steal funds from wallets.
Another trick CookieMiner plays is to execute cryptomining software (file name: xmrig2) on the targeted device, which Palo Alto Networks’ researchers believe is similar to the XMRig coinminer known for mining the Monero cryptocurrency. In this case, however, the software mines Koto coins, which are used by cryptocurrency exchanges in Japan.
“The malware ‘CookieMiner’ is intended to help threat actors generate profit by collecting credential information and mining cryptocurrency. If attackers have all the needed information for the authentication process, the multi-factor authentication may be defeated,” wrote Yue Chen, Cong Zheng, Wenjun Hu and Zhi Xu of Palo Alto Networks in their blog post.
It is worth mentioning that when a system mines cryptocurrency it consumes CPU power, which ultimately slows the computer down and increases energy bills substantially.
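The two observable symptoms described above, the miner binary name xmrig2 reported by Unit 42 and the sustained CPU load a miner causes, are the kind of thing a Mac user or administrator can check for from a process listing. The script below is an added example written for this article; it is not code from the original post or from Palo Alto Networks. It parses lines in the format of `ps -axo pid,pcpu,comm` and flags a process either because its executable name matches the reported miner file name or because it is hogging the CPU. The process list embedded in it is constructed for the example, including the paths, and the CPU threshold is an assumed value to be tuned per host.

```python
"""Flag likely cryptominer processes in `ps -axo pid,pcpu,comm` output.

Added example, not part of the original article or Unit 42's research.
The sample process list at the bottom is constructed; the paths in it are
placeholders, not indicators from a real infection.
"""
from typing import List, NamedTuple, Tuple

# Executable name the article reports CookieMiner uses for its miner,
# plus the upstream XMRig name it is said to resemble.
KNOWN_MINER_NAMES = {"xmrig2", "xmrig"}

# CPU% above which a single process is suspicious on a workstation.
# Assumed threshold: tune it to the host's normal workload.
CPU_THRESHOLD = 80.0


class Proc(NamedTuple):
    pid: int
    cpu: float
    comm: str


def parse_ps(text: str) -> List[Proc]:
    """Parse `ps -axo pid,pcpu,comm` style lines; skip the header and junk."""
    procs: List[Proc] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("PID"):
            continue
        # Split only twice so a command path containing spaces stays intact.
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        pid_s, cpu_s, comm = parts
        try:
            procs.append(Proc(int(pid_s), float(cpu_s), comm))
        except ValueError:
            continue  # malformed line, ignore it
    return procs


def flag_miners(procs: List[Proc]) -> List[Tuple[int, str]]:
    """Return (pid, reason) for processes matching a miner name or a CPU spike."""
    findings: List[Tuple[int, str]] = []
    for p in procs:
        base = p.comm.rsplit("/", 1)[-1].lower()
        if base in KNOWN_MINER_NAMES:
            findings.append((p.pid, "known miner name: " + base))
        elif p.cpu >= CPU_THRESHOLD:
            findings.append((p.pid, f"sustained high CPU ({p.cpu:.0f}%): {base}"))
    return findings


# Constructed sample output; pids, usage figures and paths are made up.
SAMPLE_PS = """\
  PID %CPU COMM
    1  0.0 /sbin/launchd
  412  2.3 /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
  513 97.5 /Users/example/Library/Application Support/placeholder/xmrig2
  617 91.0 /usr/local/bin/ffmpeg
  702  0.4 /usr/libexec/trustd
"""

if __name__ == "__main__":
    for pid, reason in flag_miners(parse_ps(SAMPLE_PS)):
        print(f"pid {pid}: {reason}")
```

On a live machine, feed it `ps -axo pid,pcpu,comm` instead of the sample. Note that the CPU heuristic alone is noisy (the constructed ffmpeg entry is flagged too); a video encode looks the same as a miner in a single snapshot, so treat a high-CPU hit as something to corroborate by sampling over time and checking where the binary lives, while a name match on xmrig2 is the stronger signal.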
Mac owners should be concerned about CookieMiner and the increasing number of malware attacks against Apple devices. Just last week, hackers were found infecting devices with a Mac malware hidden in ad images.
Apparently, this is the first time that a Mac malware has been found stealing iPhone text messages from iTunes backups on the system. Therefore, Mac and cryptocurrency users should watch out: avoid downloading apps from third-party stores, refrain from executing files from unknown emails and scan your system regularly. Here is a list of 10 powerful anti-viruses for Mac and iPhone.