Beware! This malware can steal passwords, credit card info

If successful, the attackers would have full access to the victim's exchange account and/or wallet and be able to use those funds as if they were the user themselves.

Beware! This malware can steal passwords, credit card info
Web cookies are widely used for authentication. Once a user logs into a website, its cookies are stored for the web server to know the login status. Pixabay

Global cybersecurity company Palo Alto Networks has discovered a malware that is capable of stealing saved usernames and passwords in Google Chrome, saved credit card credentials in Chrome and iPhones text messages if backed up to a Mac.

The malware named "CookieMiner" is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites visited by the victims, said Unit 42, an arm of Palo Alto Networks. 

It steals saved passwords in Chrome and iPhone text messages from iTunes backups on the tethered Mac.

"By leveraging the combination of stolen login credentials, web cookies and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites," the researchers noted.

If successful, the attackers would have full access to the victim's exchange account and/or wallet and be able to use those funds as if they were the user themselves.

The malware also configures the system to load coinmining software on the system. 

Web cookies are widely used for authentication. Once a user logs into a website, its cookies are stored for the web server to know the login status. 

If the cookies are stolen, the attacker could potentially sign into the website to use the victim's account.

Watch This Zee Business Tweet Video

"Stealing cookies is an important step to bypass login anomaly detection. If only the username and password are stolen and used by a bad actor, the website may issue an alert or request additional authentication for a new login," said Unit 42 in a blog post on Thursday. 

However, if an authentication cookie is also provided along with the user name and password, the website might believe the session is associated with a previously authenticated system host and not issue an alert or request additional authentication methods.

Get Latest Business News, Stock Market Updates and Videos; Check your tax outgo through Income Tax Calculator and save money through our Personal Finance coverage. Check Business Breaking News Live on Zee Business Twitter and Facebook. Subscribe on YouTube.

RECOMMENDED STORIES

https://www.zeebiz.com/personal-finance/photo-gallery-epfo-retirement-pension-scheme-early-pension-superannuation-disablement-widow-child-orphan-pension-online-login-passbook-employee-provident-fund-327598

EPFO Pension Schemes: Early pension, retirement pension, nominee pension and 4 other pension schemes that every private sector employee should know

https://www.zeebiz.com/trending/news-rains-in-tamil-nadu-orange-alert-issues-for-november-26-regional-meteorological-centre-cyclone-south-andaman-sea-puducherry-karaikkal-327505

Tamil Nadu Weather News: Heavy rain likely in TN, orange alert issued for Nov 26

https://www.zeebiz.com/markets/stocks/photo-gallery-psu-and-largecap-shares-to-buy-short-term-bse-sensex-nse-nifty-pick-of-the-day-327460

Stocks to buy: Hindustan Aeronautics, Zomato, Tata Tech, GMR Airports among analysts' top picks

https://www.zeebiz.com/trending/photo-gallery-delhi-aqi-today-air-pollution-level-falls-to-very-poor-quality-schools-closed-work-from-home-started-in-office-government-bans-firecrackers-sale-on-ecommerce-sites-city-records-lowest-temperature-327481

Delhi AQI Today: Air quality index level drops; city records season's lowest temperature

https://www.zeebiz.com/markets/stocks/photo-gallery-largecap-psu-stock-power-grid-share-price-target-nse-bse-acquires-khavda-v-a-power-transmission-project-327494

120% return in 3 years: Largecap PSU stock gains as company announces acquisition - Do you own?

https://www.zeebiz.com/markets/stocks/photo-gallery-10-stocks-to-buy-under-rs-500-psu-largecap-midcap-smallcap-nse-nifty-bse-sensex-327566

Need Stocks to Buy Under Rs 500? Analysts bullish on 10 scrips for long term

https://www.zeebiz.com/personal-finance/photo-gallery-top-5-small-cap-mutual-funds-with-best-sip-xirr-returns-in-1-year-calculator-inr-rs-25000-monthly-investment-has-grown-to-355000-nifty-150-tri-bse-invesco-edelweiss-hsbc-franklin-nav-aum-327419

Top 5 Small Cap Mutual Funds with best SIP returns in 1 year: See how Rs 25,000 monthly investment has grown in each scheme

https://www.zeebiz.com/personal-finance/photo-gallery-top-7-sbi-sip-mutual-funds-with-highest-sip-return-xirr-in-1-year-capital-gains-calculator-how-inr-rs-25000-monthly-investment-has-grown-to-bse-sp-nifty-multi-large-health-tech-banking-326674

Top 7 SBI Mutual Funds With Best SIP Returns in 1 Year: Rs 25,000 monthly SIP investment in No.1 fund has jumped to Rs 3,58,404

Written By: IANS
Updated: Fri, Feb 01, 2019
12:25 PM IST
San Francisco, IANS
RELATED NEWS
57% of all fraud incidents in India now 'platform' frauds: Report 57% of all fraud incidents in India now 'platform' frauds: Report
How to prevent phishing and email scams - Top tips | Don't fall prey to online scams How to prevent phishing and email scams - Top tips | Don't fall prey to online scams
'Think before your click!' Why SBI says this to its customers? Check details here 'Think before your click!' Why SBI says this to its customers? Check details here
Warning from Modi government! Large-scale cyber attacks using COVID-19 as bait - What you must know Warning from Modi government! Large-scale cyber attacks using COVID-19 as bait - What you must know
Income Tax Refund ALERT! Beware - Did you get this SMS? You will lose your hard-earned money if you do this Income Tax Refund ALERT! Beware - Did you get this SMS? You will lose your hard-earned money if you do this

By accepting cookies, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

x