
CookieMiner

Posted: February 1, 2019

CookieMiner is a crypto-mining Trojan and spyware bundle that hijacks your hardware to mine cryptocurrency while also collecting information. CookieMiner especially targets data related to account and transaction authentication and is specific to the OS X environment. Users of that OS should have appropriate anti-malware tools remove CookieMiner and then immediately change all potentially compromised security information.

This Cookie is Sweet on Your Security Info

A new mining Trojan that some speculate is a branch off of the previous 'DarthMiner' is attacking Mac OS X users. While OS X malware is less prominent than its Windows equivalents, CookieMiner demonstrates the financial viability of bundling multiple methods of exploiting compromised systems together. Besides taking advantage of the Empyre backdoor Trojan's remote-control capabilities, it also mines for money and collects everything from passwords to 2FA alerts.

CookieMiner uses the PC's hardware to generate Koto, a cryptocurrency specific to Japan. Much of the rest of its payload also shows a strong interest in cryptocurrencies: CookieMiner collects cookies for cryptocurrency exchange and wallet service domains, usernames, passwords, credit card information, and cryptocurrency wallet and key data. Browser-malware experts also confirm that CookieMiner takes any iPhone text messages that are backed up to the computer via iTunes.

The last feature may be CookieMiner's enduring claim to relative infamy, since it corresponds with the Trojan's efforts to bypass 2FA or multi-factor authentication. Such steps, while statistically unlikely to succeed, demonstrate significant creativity and diligence on the part of CookieMiner's authors, and most users wouldn't expect such a degree of account infiltration.

Blowing Up the Mining System that's Going for Your Digital Treasure

CookieMiner is another example of a miner Trojan exploiting XMRig, alongside the Monero-oriented NRSMiner, the threat-dropping SmokeLoader, and the file-locker Trojan of Black Ruby Ransomware. Besides its built-in threat-supporting capabilities, CookieMiner also includes Trojan downloader features that may bring additional attacks against the PC that are well beyond this article's focus. Remote attackers may drop other threats through CookieMiner at their leisure – a possibility that malware experts recommend preventing by disabling all Internet connections immediately.

Poorly configured mining programs can sometimes cause performance issues or, in the worst cases, burn out hardware. However, CookieMiner is just as capable of running without showing any symptoms to its victims. Compatible anti-malware programs should detect this threat and can uninstall CookieMiner if needed. However, users will still need to change passwords and other security information.

Whether or not it has any luck at overcoming the latest security measures protecting your accounts, CookieMiner is a threatening and multifaceted program. Preferring OS X may make you less of a target for criminals than a Windows user, but that's nowhere near invincible.
