CookieMiner malware is a virus that exfiltrates web browser cookies related to cryptocurrency exchange websites
CookieMiner malware is an info-stealing virus that also mines cryptocurrency on the infected device. CookieMiner malware is a Mac virus that focuses on stealing cryptocurrency-related information, passwords, text messages or even credit card credentials to make the profit from the attack itself. This malware targets MacOS devices and tracks users habits online regarding online wallet services to collect needed information. Additionally, it uses backdoor functionalities and remote control feature of EmPyre backdoor to make the CookieMiner malware more persistent. Paolo Alto Networks' Unit 42 discovered this malware that was developed with lots of similarities to other miner called OSX.DarthMiner, which is also targeting Mac devices. This campaign installs other malware on the infiltrated device and affects the performance of your Mac with additional background processes.
|Working principle||Mine cryptocurrency using resources on the infected machine, steal credentials related to cryptocurrency wallet services|
|Danger level||High. Steals credit credentials, important passwords, and logins|
|Targets||Mac operating system supporting devices|
|Distribution||Spam email attachments, other malware|
|Removal tips||Use a reputable anti-malware program to remove CookieMiner malware and fix the virus damage with Reimage|
CookieMiner malware collects complex combinations of logins, text messages and web browser cookies. It all starts with a shell script that starts collecting cookies and uploads them to a remote server. Miner malware focuses on information regarding cryptocurrency services, as researchers who discovered this malware state in their report:
The attack targets cookies associated with cryptocurrency exchanges that include Binance, Coinbase, Poloniex, Bittrex, Bitstamp, MyEtherWallet, and any website having 'blockchain' in its domain name such as www.blockchain.com.
Data from Safari and Google Chrome browsers can be collected and stored by this CookieMiner malware. These two are the most popular web browser on the Mac operating system. Additionally, this virus finds iPhone message backups and extracts, copies, and stores them in interestingfiles.txt for later use. C&C server is used in these information collecting processes so that the attacker can retrieve this information remotely.
Reportedly this Cookie Miner is mining all popular cryptocurrencies, but it also mines Koto. The virus compromises the system and manages to use xmrig2 coin miner binary to mine Zcash-based Koto cryptocurrency. Cryptojacking helps to gain profit from the infected device and make money from victims when there is no valuable information to steal.
You can notice suspicious activity on the system, but you cannot easily find the CookieMiner malware itself. However, these are the red flags that indicate about cryptojacking malware existence:
- 100% of resources get used by suspicious processes;
- the device is slow and crashes often;
- the system is fully loaded;
- the machine heats up.
Since CookieMiner malware is running on the device all the time hardware parts on the machine can get overheated and damaged permanently. Also, there is a risk of even bigger damage because this virus uses backdoor functionalities and can let more dangerous cyber threats on your system.
You need to run a full system scan to find all processes and remove CookieMiner malware itself from the device. When this virus installs other malware and uses EmPyre backdoor functions, it can take full control of your computer.
Experts recommend using trustworthy anti-malware program for best results of CookieMiner malware removal. However, you may also need additional help after that, so find a reputable repair tool like Reimage and run it on the device to fix virus damage or other parts affected by this malicious program.
Malicious macros get enabled when you open the infected file on the system
Similar cyber threats like trojans or crypto malware get distributed via spam email campaigns when malicious actors disguise their products with questionable purposes as file attachments on safe-looking emails. Unfortunately, when you receive the email you were not expecting, you should delete that immediately without even opening the attachment.
When the MS Word or Excel, or a PDF document is opened, the user is suggested to enable the content that, in most cases, include those malicious macros and initiate the ransomware, trojan or malware infiltration. When the malicious payload is on the system, it launches the specific threat or spreads additional intruders on the device.
Get rid of CookieMiner malware and protect your data as soon as possible
Remember that CookieMiner malware virus is capable of stealing various personal and sensitive information besides all those valuable credentials and logins. Your iPhone text messages, file backups can be stolen by this intruder, and you won't even notice the activity.
You need to remove CookieMiner malware from the device using professional tools like anti-malware programs because this way you can eliminate all files and all different malware programs that get installed in this malicious campaign. You can choose a program from our suggestions or employ antivirus that you can trust but make sure to select the software provider wisely.
For CookieMiner malware removal, you should use tools like Reimage, Malwarebytes MalwarebytesCombo Cleaner, or Plumbytes Anti-MalwareMalwarebytes Malwarebytes and scan the system entirely. During this scan, the antivirus program can indicate all possible intruders, corrupted files or possibly infected applications. It takes only a few minutes, but all process can be ended this way.