According to experts, the malicious code targets the Binance, Coinbase, Poloniex and Bittrex exchanges, the MyEtherWallet wallet provider, and any website whose domain name contains the word "blockchain".
The virus also attempts to steal credit card information, logins and passwords saved in the Chrome browser, iPhone text messages, copies of which are stored by iTunes, and keys to cryptocurrency wallets. If the attack succeeds, the attackers can gain access to victims' accounts on cryptocurrency exchanges and to their crypto wallets, and use that access to steal funds.
“CookieMiner is trying to go through the authentication process by stealing a combination of data, which includes: credentials (text and login), text messages and cookies,” the researchers explain.
According to the report, in addition to stealing data, the virus changes the operating system configuration and runs a hidden cryptocurrency miner on the device. The script works on the same principle as the numerous viruses that mine Monero, but unlike them it mines the Koto cryptocurrency.
The study authors recommend that cryptocurrency owners “monitor security settings to prevent compromise and data leakage.” Also, according to Palo Alto Networks experts, the Little Snitch firewall can protect against the malware, because the virus checks whether this application is running and, if it detects it, “stops and quits.”