On 31 January 2019, Palo Alto Networks, an American multinational cybersecurity company based in California, published a report stating that a new malware was discovered targeting Apple’s Mac OS (Operating System).

The malware, called “CookieMiner”, could steal browser cookies from the Apple Safari and Google Chrome browsers that were used by crypto-related sites to track their users. The sites that were targeted by the malware include those of major crypto exchanges Binance, Coinbase, Bitstamp, Bittrex, Poloniex and MyEtherWallet. Additionally, any sites that had the keyword “blockchain” included in their domain names were also preys to the malware.

CookieMiner was also capable of stealing significant private information such as usernames, passwords or even credit card information if they were stored on the Chrome browser. While the Firefox and Microsoft Edge browsers were not tested, the Safari browser was confirmed to not be vulnerable to the attack. Jen Miller-Osborn, a deputy director of threat intelligence at the cybersecurity firm, theorized that Chrome because the browser was more popular and had a larger user base.

If the hackers manage to obtain these information and pair them up with data from intercepted cookies, they would be able to freely access victims’ accounts on crypto exchanges as well as crypto wallets, drawing out funds as they please.

The malware also installs a crypto mining software onto victims’ devices, mining a cryptocurrency associated with Japan known as Koto.

It was noted by the researches at Palo Alto Networks that the malware was intelligent and would first check whether the victims’ devices run Little Snitch, which is an application firewall program. If the remote access agent was running on a device, the malware could stop the program and exit it.

Miller-Osborn stated that the malware was most probably installed through apps outside of the Apple App store to prevent Apple’s review process to detect it. However, it was still unclear which specific apps contained the malware. She advised users to always clear their browser cookies, emphasizing when users finish visiting financial and crypto sites.