American multinational cybersecurity company Palo Alto Networks said that it has found malware that can steal usernames and passwords saved in Google Chrome, credit card details saved in Chrome, and text messages from Apple iPhones.
The California-based company named the malware "CookieMiner." According to Unit 42, an arm of Palo Alto Networks, the malware is capable of stealing browser cookies associated with the mainstream cryptocurrency exchange and wallet service websites visited by the victims.
It also steals passwords saved in Chrome and iPhone text messages from iTunes backups on the connected Mac. According to the researchers, "By leveraging the combination of stolen login credentials, web cookies and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites."
If the hackers succeed, they would have full access to the victim's exchange accounts and wallet and could use the funds as if they were the user. Researchers also found that the malware configures the system to load coin-mining software.
When a user logs into a website, cookies are stored so that the web server can recognize the login state. If these cookies are stolen by hackers, they could potentially sign into the victim's account and use it.
Unit 42 said in a blog post on Thursday that the theft of these cookies is an important step "to bypass login anomaly detection. If only the username and password are stolen and used by a bad actor, the website may issue an alert or request additional authentication for a new login."
It should be noted that the website may not issue an alert or request additional authentication if the victim's authentication cookie is supplied along with the username and password; the website would then continue the operation believing that the session belongs to a previously authenticated host.
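The passage above describes why a valid session cookie lets an attacker slip past login-anomaly checks that only trigger on a fresh username/password login. One server-side mitigation is to bind the session to the client it was issued to and re-check that binding on every request, so a cookie replayed from a different network or browser is treated like a new login and stepped up to MFA. The following is an added illustration written for this article, not code from the Unit 42 report or from any exchange; the session store, the fingerprint (IP network plus User-Agent hash) and the sample requests are all constructed assumptions.

```python
"""Defender-side illustration (added example, not from the Unit 42 report):
a login-anomaly check that does not trust a session cookie on its own.

Assumptions (not from the article): the server records a client fingerprint
(IP network and a hash of the User-Agent) when a session is created and
re-checks it whenever the session cookie is presented. A cookie replayed
from a different client is flagged so the application can require
re-authentication instead of treating the bearer as the original user.
"""
from dataclasses import dataclass
from typing import Dict, List
import hashlib
import ipaddress
import secrets


@dataclass
class Session:
    user: str
    ip_net: str   # /24 (IPv4) or /64 (IPv6) the session was created from
    ua_hash: str  # SHA-256 of the User-Agent seen at login


def _ip_network(ip: str) -> str:
    """Coarsen the client IP to its /24 or /64 so ordinary DHCP churn does not trip the check."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def _ua_hash(user_agent: str) -> str:
    return hashlib.sha256(user_agent.encode("utf-8")).hexdigest()


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, ip: str, user_agent: str) -> str:
        """Issue a random session token bound to the client that completed login."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, _ip_network(ip), _ua_hash(user_agent))
        return token

    def check(self, token: str, ip: str, user_agent: str) -> str:
        """Return 'ok', 'unknown' (no such session) or 'suspect-replay'.

        'suspect-replay' means the cookie is genuine but is being presented from
        a different network or browser than the one that logged in; the caller
        should force a step-up (MFA) rather than honour the session silently.
        """
        s = self._sessions.get(token)
        if s is None:
            return "unknown"
        if s.ip_net != _ip_network(ip) or s.ua_hash != _ua_hash(user_agent):
            return "suspect-replay"
        return "ok"


def demo() -> List[str]:
    """Constructed requests: one legitimate user, then the same cookie replayed elsewhere."""
    store = SessionStore()
    ua = "Mozilla/5.0 (Macintosh) Chrome/72"
    token = store.create("alice", "198.51.100.23", ua)
    return [
        store.check(token, "198.51.100.77", ua),        # same /24, same browser -> ok
        store.check(token, "203.0.113.9", ua),          # cookie replayed from another network
        store.check(token, "198.51.100.23", "curl/7.64"),  # same network, different client
        store.check("not-a-real-token", "198.51.100.23", ua),  # forged or expired cookie
    ]


if __name__ == "__main__":
    print(demo())
```

The check only raises the bar: an attacker who copies the User-Agent and tunnels through the victim's network would still look like the original client, which is why the researchers treat cookie theft on the victim's own machine as such a strong position. Binding the session at least ensures that a cookie lifted from disk and replayed from the attacker's own infrastructure triggers the same step-up a fresh login would.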
The researchers added that "If the bad actors successfully enter the websites using the victim's identity, they could perform fund withdrawals."
This malware doesn't only target Apple's Safari; the attackers also target Google Chrome because of its popularity.
While most modern cryptocurrency exchanges and online wallet services offer multi-factor authentication, the reports suggest that cryptocurrency owners "should keep an eye on their security settings and digital assets to prevent compromise and leakage."