Bitcoin Global News (BGN)

February 05, 2019 -- ADVFN Crypto NewsWire --Because of the inherent similarities in how users access use of cryptocurrencies or their fiat currency bank accounts and credit card information, they are both perceptible to a new malware. The complex system of data breaches begins with one of the simplest forms of coding, but leads to the ability of a series of automated systems copying users’ log in information to an anonymous location where hackers have access to it. Further some of this malware is used to subvertly install mining software that anonymously transfers profits to accounts controlled by hackers.

The malware was reported on January 31st by Yue Chen, Cong Zheng, Wenjun Hu and Zhi Xu - members of Palo Alto Networks’ Unit 42. The group believes that the malware was developed and launched by OSX.DarthMiner, a malware producing network of developers and hackers that focus on the MacOSX operating system.

Targeting All Major Browsers

The malware is launched over networks, affecting Safari, Chrome, Firefox and Chromium. The Palo Alto Network Group Unit 42 is referring to this initial system as CookieMiner. The simple program is able to download a Python script named “harmlesslittlecode.py” to users computers. It can then extract saved login credentials and credit card information from a web browser’s local data storage. It will even steal iPhone text message data from iTunes backups if that option is selected by the user and their iPhone is tethered to the Mac.

How to Bypass Security Measures?

When users log in to secure websites, “cookies” are use to save this log in data. It is not saving the actual login information, but rather the fact that the specific device and location was used to log in. When an attempt to log in with a different device or location is made, most websites that deal with money in any way will automatically send a verification to the users email or phone in some way.

However, in this case, if a hacker has the log in information of the user, as well as the exact cookie file data, they can make it appear as if their log in attempt is the same as the true user logging into their account. For cryptocurrencies, it is a similar process of being able to by pass the multi-factor authentication security measures to gain access to an account.

Installing Mining Software

In addition to sending off all vital user information, this malware configures the system to load mining software on the system. It is made to look like an Monero miner commonly used called XMRig. However, the researchers found that the software was actually mining Koto. It is only common in Japan, and is built on the Zcash platform, giving it the ability for anonymous transactions.
 

By: BGN Editorial Staff