This malware can steal passwords, credit card info in Chrome, Safari

IANS San Francisco
Last Updated : Feb 01 2019 | 11:55 AM IST

Global cybersecurity company Palo Alto Networks has discovered malware that can steal usernames and passwords saved in Google Chrome, credit card details saved in Chrome, and iPhone text messages if they have been backed up to a Mac.

The malware named "CookieMiner" is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites visited by the victims, said Unit 42, an arm of Palo Alto Networks.

It steals saved passwords in Chrome and iPhone text messages from iTunes backups on the tethered Mac.

"By leveraging the combination of stolen login credentials, web cookies and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites," the researchers noted.

If successful, the attackers would have full access to the victim's exchange account and/or wallet and be able to use those funds as if they were the user themselves.

The malware also configures the infected Mac to load coin-mining software.

Web cookies are widely used for authentication. Once a user logs into a website, the site sets a session cookie in the browser, and the web server uses that cookie on later requests to recognise the logged-in session.

If the cookies are stolen, the attacker can present them from another machine and the website will treat the requests as the victim's existing session.

"Stealing cookies is an important step to bypass login anomaly detection. If only the username and password are stolen and used by a bad actor, the website may issue an alert or request additional authentication for a new login," said Unit 42 in a blog post on Thursday.

However, if an authentication cookie is also provided along with the user name and password, the website might believe the session is associated with a previously authenticated system host and not issue an alert or request additional authentication methods.
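The following is an added illustration, not code from Unit 42 or from the article, of why a replayed cookie slips past a check that only asks "is this session valid?" and how binding the session to the client context seen at login forces re-authentication instead. Client names, IP addresses, user-agent strings and the fingerprint scheme are constructed for the example.

```python
"""
Session-cookie replay versus a context-bound session check.

Constructed example (not Palo Alto Networks / Unit 42 code). A stolen
authentication cookie makes the attacker look like an already-authenticated
host, so a login-anomaly check keyed only on "valid session id present" never
fires. The hardened store records the client context at login and treats a
cookie presented from a different context as a new login that needs step-up
authentication.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Per-process secret used to key the fingerprint; constructed for the example.
SERVER_KEY = secrets.token_bytes(32)


@dataclass
class Client:
    """What the server observes about a requester, plus the requester's cookie jar."""
    ip: str
    user_agent: str
    cookies: dict = field(default_factory=dict)


def client_fingerprint(client: Client) -> str:
    """Keyed hash of the request context a session is bound to."""
    material = f"{client.ip}|{client.user_agent}".encode()
    return hmac.new(SERVER_KEY, material, hashlib.sha256).hexdigest()


class NaiveSessionStore:
    """Cookie-only check: whoever presents a valid session id is logged in."""

    def __init__(self):
        self.sessions = {}  # session id -> username

    def login(self, username: str, client: Client) -> None:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        client.cookies["session"] = sid

    def authenticate(self, client: Client) -> str:
        """Return 'ok:<user>' or 'reauth' (password / MFA required again)."""
        user = self.sessions.get(client.cookies.get("session"))
        return f"ok:{user}" if user else "reauth"


class BoundSessionStore(NaiveSessionStore):
    """Session id is bound to the client context recorded at login."""

    def login(self, username: str, client: Client) -> None:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (username, client_fingerprint(client))
        client.cookies["session"] = sid

    def authenticate(self, client: Client) -> str:
        entry = self.sessions.get(client.cookies.get("session"))
        if entry is None:
            return "reauth"
        user, fp_at_login = entry
        if not hmac.compare_digest(fp_at_login, client_fingerprint(client)):
            # Valid cookie, different host: this is exactly the replay case,
            # so demand re-authentication instead of trusting the cookie.
            return "reauth"
        return f"ok:{user}"


def replay_scenario(store_cls) -> tuple:
    """Victim logs in; attacker copies the cookie jar; both present it."""
    store = store_cls()
    victim = Client(ip="203.0.113.5", user_agent="Safari/605.1.15")
    store.login("alice", victim)
    # CookieMiner-style theft: the attacker now holds the victim's cookie file.
    attacker = Client(ip="198.51.100.77", user_agent="python-requests/2.31",
                      cookies=dict(victim.cookies))
    return store.authenticate(victim), store.authenticate(attacker)


if __name__ == "__main__":
    print("naive store:", replay_scenario(NaiveSessionStore))
    print("bound store:", replay_scenario(BoundSessionStore))
```

With the naive store both the victim and the attacker get `ok:alice`; with the bound store the attacker's replay comes back as `reauth`. Binding to IP and user agent is deliberately coarse here (NAT and mobile networks change addresses, and a user agent is trivially spoofed); production systems reach the same goal with short-lived tokens and device-bound session keys, but the place the check has to live is the same.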

Most modern cryptocurrency exchanges and online wallet services have multi-factor authentication.

"CookieMiner" tries to navigate past the authentication process by stealing a combination of the login credentials, text messages and web cookies.

"If the bad actors successfully enter the websites using the victim's identity, they could perform fund withdrawals," said the researchers.

Apple's Safari is not the only web browser targeted. Google Chrome also attracts the threat actors' attention due to its popularity.

"Cryptocurrency owners should keep an eye on their security settings and digital assets to prevent compromise and leakage," the report suggested.

--IANS


Disclaimer: No Business Standard Journalist was involved in creation of this content


First Published: Feb 01 2019 | 11:48 AM IST
