Bitcoin Global News (BGN)
February 05, 2019 -- ADVFN Crypto NewsWire -- Because of the inherent similarities in how users access cryptocurrencies and their fiat currency bank accounts and credit card information, both are susceptible to a new malware. The complex system of data breaches begins with one of the simplest forms of coding, but leads to a series of automated systems copying users' login information to an anonymous location where hackers have access to it. Further, some of this malware is used to covertly install mining software that anonymously transfers profits to accounts controlled by hackers.
The malware was reported on January 31st by Yue Chen, Cong Zheng, Wenjun Hu and Zhi Xu, members of Palo Alto Networks' Unit 42. The group believes that the malware was developed and launched by OSX.DarthMiner, a malware-producing network of developers and hackers that focuses on the MacOSX operating system.
Targeting All Major Browsers
The malware is launched over networks, affecting Safari, Chrome, Firefox and Chromium. Palo Alto Networks' Unit 42 is referring to this initial system as CookieMiner. The simple program is able to download a Python script named "harmlesslittlecode.py" to users' computers. It can then extract saved login credentials and credit card information from a web browser's local data storage. It will even steal iPhone text message data from iTunes backups if that option is selected by the user and their iPhone is tethered to the Mac.
How to Bypass Security Measures?
When users log in to secure websites, "cookies" are used to save this login data. A cookie does not save the actual login information, but rather the fact that the specific device and location were used to log in. When an attempt to log in with a different device or location is made, most websites that deal with money in any way will automatically send a verification to the user's email or phone in some way.
However, in this case, if a hacker has the login information of the user, as well as the exact cookie file data, they can make it appear as if their login attempt is the same as the true user logging into their account. For cryptocurrencies, it is a similar process of being able to bypass the multi-factor authentication security measures to gain access to an account.
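One way a site can limit the cookie replay described above, shown as an added example that is not from the original article or from Unit 42: the "trusted device" cookie carries a MAC over the context it was issued in, so a copy presented from elsewhere falls back to verification. The function names, SERVER_KEY, MAX_AGE and the /24 and /48 network binding are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held only by the server
MAX_AGE = 30 * 24 * 3600               # assumption: cookie trusted for 30 days

def network_of(ip):
    """Coarse network id (/24 for IPv4, /48 for IPv6) so small IP changes still match."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def _mac(user, device_id, issued, ip, user_agent):
    msg = "|".join([user, device_id, str(issued), network_of(ip), user_agent])
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()

def issue_device_cookie(user, ip, user_agent, now=None):
    """Called after a successful verification; binds the cookie to the issuing context."""
    issued = int(now if now is not None else time.time())
    device_id = secrets.token_hex(8)
    return f"{device_id}.{issued}.{_mac(user, device_id, issued, ip, user_agent)}"

def login_decision(user, password_ok, cookie, ip, user_agent, now=None):
    """Return 'deny', 'allow' (verification skipped) or 'step_up' (verification required)."""
    if not password_ok:
        return "deny"
    try:
        device_id, issued, mac = cookie.split(".")
        issued = int(issued)
    except (AttributeError, ValueError):
        return "step_up"                       # missing or malformed cookie
    now = int(now if now is not None else time.time())
    if now - issued > MAX_AGE:
        return "step_up"                       # trust has expired
    expected = _mac(user, device_id, issued, ip, user_agent)
    # A cookie copied to another network or browser fails here, even with the right password.
    same = hmac.compare_digest(mac.encode(), expected.encode())
    return "allow" if same else "step_up"
```

The user-agent string can be copied along with the cookie, so the network binding carries most of the weight. A legitimate user who changes networks is simply asked to verify again.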
Installing Mining Software
In addition to sending off all vital user information, this malware configures the system to load mining software. The software is made to look like a commonly used Monero miner called XMRig. However, the researchers found that it was actually mining Koto. Koto is common only in Japan and is built on the Zcash platform, giving it the ability to make anonymous transactions.
By: BGN Editorial Staff