In the wake of increased crypto related fraud, exchanges are burning their midnight oil to ensure their platforms are secure and free from infiltration. However, hackers seem to be gaining an edge with their tactics seemingly improving every day.
Just the other day, researchers at Palo Alto’s Networks threat intelligence team dubbed Unit 42 discovered a Mac- vulnerable malware that is able to filch cookies and other crypto related information vital to a user.
According to the researchers’ report published on Thursday, the malware tagged ‘Cookieminer’ has the ability to infiltrate browser cookies related to wallet service providers as well as crypto exchanges’ websites thereby getting away with information that may be crucial to the users and the exchanges at large.
“CookieMiner” tries to navigate past the authentication process by stealing a combination of the login credentials, text messages, and web cookies. If the bad actors successfully enter the websites using the victim’s identity, they could perform fund withdrawals. This may be a more efficient way to generate profits than outright cryptocurrency mining,” the report explained.
Much as usernames and passwords alone cannot necessitate withdrawal of funds at an exchange, a perfect combination of web cookies, SMS data, authentication cookies and login credentials can effect the victim’s fund withdrawal.
The recent past has seen a number of malware targeting crypto platforms dished out over the internet that enabled users to unknowingly install crypto mining software on their computers. ‘Cookieminer’ is however the first malware to target wallets and crypto exchange platforms putting users at direct risk.
According to the report, once in possession of login credentials, the perpetrators can easily bypass the 2-factor authentication thereby gaining full control of a user’s wallet.
“By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites. If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves, “the report said.
As a consequence, the researchers are advising crypto users to keep “an eye on their security setting and digital assets to prevent compromise and leakage”. In addition, they also urge users to ensure a firewall program dubbed Little Snitch is installed and running. They noted that it checks if the program is running and “if so, it will stop and exit.”