CookieMiner malware (Removal Instructions) - Free Guide

CookieMiner malware Removal Guide

What is CookieMiner malware?

CookieMiner malware is a virus that exfiltrates web browser cookies related to cryptocurrency exchange websites

CookieMiner malwareCookieMiner malware is an info-stealing virus that also mines cryptocurrency on the infected device. CookieMiner malware is a Mac virus that focuses on stealing cryptocurrency-related information, passwords, text messages or even credit card credentials to make the profit from the attack itself. This malware targets MacOS devices and tracks users habits online regarding online wallet services to collect needed information. Additionally, it uses backdoor functionalities and remote control feature of EmPyre backdoor to make the CookieMiner malware more persistent. Paolo Alto Networks' Unit 42 discovered this malware that was developed with lots of similarities to other miner called OSX.DarthMiner, which is also targeting Mac devices.[1] This campaign installs other malware on the infiltrated device and affects the performance of your Mac with additional background processes.

Name CookieMiner malware
Type Cryptojacking malware[2]
Related Darth Miner
Working principle Mine cryptocurrency using resources on the infected machine, steal credentials related to cryptocurrency wallet services
Danger level High. Steals credit credentials, important passwords, and logins
Targets Mac operating system supporting devices
Distribution Spam email attachments, other malware
Removal tips Use a reputable anti-malware program to remove CookieMiner malware and fix the virus damage with FortectIntego

CookieMiner malware collects complex combinations of logins, text messages and web browser cookies. It all starts with a shell script that starts collecting cookies and uploads them to a remote server. Miner malware focuses on information regarding cryptocurrency services, as researchers who discovered this malware state in their report:

The attack targets cookies associated with cryptocurrency exchanges that include Binance, Coinbase, Poloniex, Bittrex, Bitstamp, MyEtherWallet, and any website having 'blockchain' in its domain name such as

Data from Safari and Google Chrome browsers can be collected and stored by this CookieMiner malware. These two are the most popular web browser on the Mac operating system. Additionally, this virus finds iPhone message backups and extracts, copies, and stores them in interestingfiles.txt for later use. C&C server is used in these information collecting processes so that the attacker can retrieve this information remotely.

Reportedly this Cookie Miner is mining all popular cryptocurrencies, but it also mines Koto. The virus compromises the system and manages to use xmrig2 coin miner binary to mine Zcash-based Koto cryptocurrency. Cryptojacking helps to gain profit from the infected device and make money from victims when there is no valuable information to steal.

You can notice suspicious activity on the system, but you cannot easily find the CookieMiner malware itself. However, these are the red flags that indicate about cryptojacking malware existence:

  • 100% of resources get used by suspicious processes;
  • the device is slow and crashes often;
  • the system is fully loaded;
  • the machine heats up.

Since CookieMiner malware is running on the device all the time hardware parts on the machine can get overheated and damaged permanently. Also, there is a risk of even bigger damage because this virus uses backdoor functionalities and can let more dangerous cyber threats on your system.[3]

You need to run a full system scan to find all processes and remove CookieMiner malware itself from the device. When this virus installs other malware and uses EmPyre backdoor functions, it can take full control of your computer.

Experts[4] recommend using trustworthy anti-malware program for best results of CookieMiner malware removal. However, you may also need additional help after that, so find a reputable repair tool like FortectIntego and run it on the device to fix virus damage or other parts affected by this malicious program.

CookieMiner malware virusCookieMiner virus is a malware that focuses on stealing credit credentials, browser cookies, and credit card credentials.

Malicious macros get enabled when you open the infected file on the system

Similar cyber threats like trojans or crypto malware get distributed via spam email campaigns when malicious actors disguise their products with questionable purposes as file attachments on safe-looking emails. Unfortunately, when you receive the email you were not expecting, you should delete that immediately without even opening the attachment.

When the MS Word or Excel, or a PDF document is opened, the user is suggested to enable the content that, in most cases, include those malicious macros and initiate the ransomware, trojan or malware infiltration. When the malicious payload is on the system, it launches the specific threat or spreads additional intruders on the device.

Get rid of CookieMiner malware and protect your data as soon as possible

Remember that CookieMiner malware virus is capable of stealing various personal and sensitive information besides all those valuable credentials and logins. Your iPhone text messages, file backups can be stolen by this intruder, and you won't even notice the activity.

You need to remove CookieMiner malware from the device using professional tools like anti-malware programs because this way you can eliminate all files and all different malware programs that get installed in this malicious campaign. You can choose a program from our suggestions or employ antivirus that you can trust but make sure to select the software provider wisely.

For CookieMiner malware removal, you should use tools like FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes and scan the system entirely. During this scan, the antivirus program can indicate all possible intruders, corrupted files or possibly infected applications. It takes only a few minutes, but all process can be ended this way.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

How to prevent from getting mac viruses

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions