CookieMiner: Steals Passwords From Cookies, Chrome And iPhone Texts!



There’s a new malware CookieMiner, prevalent in the market which binges on saved passwords on Chrome, iPhone text messages and Mac-tethered iTunes backups.

A world-wide cyber-security organization not of very late uncovered a malicious malware which gorges on saved user credentials like passwords and usernames.

This activity has been majorly victimizing passwords saved onto Google Chrome, credit card credentials saved onto Chrome and iPhone text messages backed up to Mac.

Reportedly, what the malware does is that it gets hold of the browser cookies in relation with mainstream crypto-currency exchanges which also include wallet providing websites the user has gone through.

The surmised motive behind the past acts of the miner seems to be the excruciating need to bypass the multi-factor authentication for the sites in question.

Having dodged the main security procedure, the cyber-con behind the attack would be absolutely free to access the victim’s exchange account or the wallet so being used and to exploit the funds in them.

Web cookies are those pieces of information which get automatically stored onto the web server, the moment a user signs in.

Hence, exploitation of those cookies directly means exploiting the very user indirectly.

Cookie theft is the easiest way to dodge login anomaly detection, as if the username and passwords are used by an amateur, the alarms might set off and another authentication request may get sent.

Whereas if the username passwords are used along with the cookie the entire session would absolutely be considered legit and no alert would be issued after all.

Most of the fancy wallet and crypto-currency exchange websites have multi-factor authentication.

All that the CookieMiner does is that it tries to create combinations and try them in order to slide past the authentication process.

A cyber-con could treat such a vulnerable opportunity like a gold mine and could win a lot out of it.

In addition to Google’s Chrome, Apple’s Safari is also a web browser being openly targeted. As it turns out, the choice for the web browser target depends upon its recognition.

The malware seems to have additional malignancy to it as it also finds a way to download a “CoinMiner” onto the affected system/ device.

Android Users To Surf The Web Without A Constant Internet Connection.




On the 21st of June Google presented a new feature for its Android devices that would give users the access in India and a few different nations to surf the web without the need of a steady Web connection.

Started for Chrome on Android clients in India alongside 100 other nations including Nigeria, Indonesia, and Brazil, the feature will enable the users to surf web in areas with no or spotty web connections.

“When you’re connected to free, unmetered Wi-Fi, Chrome will automatically download relevant articles, based on what content is most popular in your location,” said Amanda Boss, Product Manager, and Offline Chrome for Android. 

For users who are already signed in, Chrome will likewise reserve important and relevant articles in view of the perusing history with the goal that the user can read them when there is no web connection in the phone. This feature is now accessible in the most recent version of Chrome.

The feature case to set aside 70 per cent of the user’s data and with the data saver mode on, Chrome downloads the content that it assumes to be generally applicable.

At the point when the Data Saver is on, the most part of the web traffic goes through Google servers before being downloaded to that specific device and Google servers compress it so less data gets downloaded to the user's device.

Aside from this, Google likewise has a data saving application also that goes by the name of - Datally- it provides the user with a few different ways to control the data usage in their smartphones. The application accompanies highlights like: ability to set daily data usage limit, set a guest mode to see how much data a friend uses, highlighting the unused apps that may be eating up your data, data usage history, WiFi finder on map and many more.



New Malware Variant Designed To Swindle Financial Data from Google Chrome and Firefox Browsers



Researchers have as of late discovered Vega Stealer a malware that is said to have been created in order to harvest financial information from the saved credentials of Google Chrome and Mozilla Firefox browsers.

At present,  the Vega Stealer is just being utilized as a part of small phishing campaigns, however researchers believe that the malware can possibly bring about major hierarchical level attacks as it is just another variation of August Stealer crypto-malware that steals credentials, sensitive documents, cryptocurrency wallets, and different subtle elements put away in the two browsers.

On May 8 this year, the researchers observed and obstructed a low-volume email campaign with subjects, for example, 'Online store developer required'. The email comes with an attachment called 'brief.doc', which contains noxious macros that download the Vega Stealer payload.

The Vega Stealer ransomware supposedly focuses on those in the marketing, advertising, public relations, and retail/ manufacturing industries. Once the document is downloaded and opened, a two-step download process begins.

The report said "...The first request executed by the document retrieves an obfuscated JScript/PowerShell script. The execution of the resulting PowerShell script creates the second request, which in turn downloads the executable payload of Vega Stealer, the payload is then saved to the victim machine in the user's "Music" directory with a filename of 'ljoyoxu.pkzip' and once this file is downloaded and saved, and it is executed automatically via the command line."

At the point when the Firefox browser is in utilization, the malware assembles particular documents having different passwords and keys, for example, "key3.db" "key4.db", "logins.json", and "cookies.sqlite".

Other than this, the malware likewise takes a screenshot of the infected machine and scans for any records on the framework finishing off with .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf for exfiltration.
While the researchers couldn't ascribe Vega Stealer to any particular group, regardless they guarantee that the document macro and URLs associated with the crusade propose that a similar threat actor is responsible for campaigns spreading financial malware.

So as to be protected, Ankush Johar, Director at Infosec Ventures, in a press statement said that "...Organisations should take cyber awareness seriously and make sure that they train their consumers and employees with what malicious hackers can do and how to stay safe from these attacks. One compromised system is sufficient to jeopardize the security of the entire network connected with that system."

Because while Vega Stealer isn't the most complex malware in use today, but it does demonstrates the adaptability and flexibility of malware, authors, and actors to accomplish criminal objectives.