Unit 42, the global threat intelligence team of Palo Alto Networks, has uncovered Mac malware that can steal cookies associated with cryptocurrency exchanges and wallets.
Although stolen usernames and passwords alone may not be enough to get into an account, hackers who obtain a combination of login credentials, web and authentication cookies, and SMS data could steal user funds.
“CookieMiner tries to navigate through the authentication process by stealing a combination of login credentials, text messages, and web cookies. If the bad actors successfully get into the websites using the victim's identity, they could withdraw the funds. This can be a more effective way to make a profit than cryptocurrency mining.”
Why this particular crypto-targeting malware is dangerous
Over the past 12 months, most crypto-related malware has been built mainly to install cryptocurrency-mining software that consumes the victim's CPU.
The Mac malware discovered by Unit 42, named CookieMiner, is the first to focus specifically on users of digital asset exchanges and wallets.
In 2017, cybersecurity company Symantec uncovered malware that swapped Ethereum addresses in wallets and exchanges in order to redirect funds.
It tricked victims into sending funds to an Ethereum address controlled by the malware's author: it generated tens of thousands of addresses and replaced the victim's intended destination address with one that closely resembled it.
CookieMiner, by contrast, directly targets cryptocurrency wallet and exchange users, stealing their credentials so that the operators can log into the digital asset platforms themselves and withdraw or redirect funds.
Once the operators hold a victim's authentication cookies and SMS data, they are difficult to stop from accessing the victim's exchange accounts or wallets, because that combination lets them bypass two-factor authentication (2FA): the cookie proves a login that already passed 2FA, and the SMS data supplies any fresh code the site asks for.
The Unit 42 team said:
“Using the combination of stolen login credentials, web cookies, and SMS data, based on past attacks we believe the bad actors could bypass multi-factor authentication for these sites. If successful, the attackers would have full access to the victim's exchange account and/or wallet and would be able to use those funds as if they were the user themselves.”
As of February 2, no infections had been reported, but the malware can steal a wide range of sensitive data, including Google Chrome and Apple Safari browser cookies, saved usernames and passwords, text messages synced to the Mac, and cryptocurrency wallet data and keys.
If the malware operators obtain a private key, or an authentication cookie that is valid for a wallet or exchange, victims can do little to stop the attack.
With non-custodial wallets, where users must keep their own backups and private keys, theft is virtually impossible to stop once the private keys have been stolen: whoever holds the key can sign transactions, and there is no account to lock.
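To make the 2FA-bypass point concrete, the following is an added example in Python, not code from Unit 42, from CookieMiner, or from any real exchange. It models a hypothetical exchange session store with an assumed `Exchange` class, a `client_fingerprint` helper, and constructed IP addresses and User-Agent strings. A victim logs in with password plus one-time code; an attacker then replays the copied cookie from another machine. With the naive configuration the cookie alone is accepted, and because the attacker also holds the victim's SMS codes, a step-up SMS check on withdrawal does not help either. Binding the session to the client that logged in is what actually rejects the replay.

```python
"""Toy exchange session store (added, hypothetical example; not CookieMiner
and not any real exchange's code). Shows why a stolen authentication cookie
is as good as a completed login unless the server binds the session to the
client and re-challenges for sensitive actions."""
import hashlib
import secrets
from typing import Dict, Optional


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Coarse identity of the client a session was issued to. Assumes the
    front proxy passes the real source IP and User-Agent through unaltered."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class Exchange:
    def __init__(self, bind_sessions: bool, step_up_window: int = 300) -> None:
        self.bind_sessions = bind_sessions    # reject a cookie presented by a different client
        self.step_up_window = step_up_window  # seconds a 2FA proof stays fresh for withdrawals
        self._sessions: Dict[str, dict] = {}

    def login(self, user: str, password_ok: bool, otp_ok: bool, fp: str, now: float) -> Optional[str]:
        """Password + 2FA at login; afterwards the cookie is the only proof of identity."""
        if not (password_ok and otp_ok):
            return None
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = {"user": user, "fp": fp, "last_2fa": now}
        return cookie

    def _session(self, cookie: str, fp: str) -> Optional[dict]:
        s = self._sessions.get(cookie)
        if s is None:
            return None
        if self.bind_sessions and s["fp"] != fp:
            return None  # cookie replayed from another machine: the CookieMiner case
        return s

    def balance(self, cookie: str, fp: str) -> str:
        return "ok" if self._session(cookie, fp) else "denied"

    def withdraw(self, cookie: str, fp: str, now: float, otp_ok: bool = False) -> str:
        s = self._session(cookie, fp)
        if s is None:
            return "denied: no valid session"
        if now - s["last_2fa"] > self.step_up_window:
            if not otp_ok:
                return "denied: fresh 2FA required"
            s["last_2fa"] = now  # fresh code accepted, window restarts
        return "ok"


def replay_demo(bind_sessions: bool) -> Dict[str, str]:
    """Victim logs in normally; an attacker replays the copied cookie from a
    different machine. IPs and User-Agents are constructed; no network is used."""
    ex = Exchange(bind_sessions=bind_sessions)
    t0 = 1_700_000_000.0
    victim_fp = client_fingerprint("203.0.113.7", "Mozilla/5.0 (Macintosh) Safari/605.1")
    attacker_fp = client_fingerprint("198.51.100.9", "python-requests/2.31")
    cookie = ex.login("alice", password_ok=True, otp_ok=True, fp=victim_fp, now=t0)
    assert cookie is not None
    return {
        "balance": ex.balance(cookie, attacker_fp),
        "withdraw_within_window": ex.withdraw(cookie, attacker_fp, t0 + 60),
        "withdraw_after_window": ex.withdraw(cookie, attacker_fp, t0 + 3600),
        # the attacker also holds the victim's SMS codes, so SMS step-up is not a fix
        "withdraw_after_window_with_sms_code": ex.withdraw(cookie, attacker_fp, t0 + 3600, otp_ok=True),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("bind_sessions =", mode, replay_demo(mode))
```

The fingerprint here is deliberately coarse (source IP plus User-Agent) and an attacker who also knows the victim's network can spoof it; a real deployment would combine it with short cookie lifetimes, revocation on logout, and a second factor that cannot be harvested from a disk backup, such as a hardware key or an authenticator app.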
Samsung's reported crypto wallet is a first step
As reported by South Korean local publications, including The Korea Herald, Samsung has already begun developing and integrating a digital asset wallet into the Galaxy S10.
Some reports this week said that Samsung Pay, the company's flagship digital payment app, used by more than ten million users worldwide, is handling the integration of the crypto wallet.
Galaxy S10 with crypto wallet? pic.twitter.com/6IICujXEnm
– Gregory Blake (@GregiPfister89) January 22, 2019
In most mobile devices, the Trusted Execution Environment (TEE), an isolated processing environment and storage area separate from the main operating system, keeps confidential data out of reach of attackers even after the main system has been compromised.
So if the wallet's private keys or exchange-related data are held in the TEE, and signing is done inside it so that the keys never leave it, malware running in the main operating system cannot simply copy them the way CookieMiner copies browser cookies and wallet files; it could at most ask the TEE to sign on its behalf, which is a narrower and more detectable attack than outright key theft.
Unit 42 researchers stated that users of digital asset exchanges and wallets should pay closer attention to their security settings to prevent data leakage.
Featured image from Shutterstock