{"id":2579,"date":"2019-02-01T09:41:27","date_gmt":"2019-02-01T09:41:27","guid":{"rendered":"https:\/\/ncrfrontlinenews.com\/?p=2579"},"modified":"2019-02-01T09:41:27","modified_gmt":"2019-02-01T09:41:27","slug":"you-will-be-bankrupt-your-credit-card-is-in-danger","status":"publish","type":"post","link":"https:\/\/ncrfrontlinenews.com\/?p=2579","title":{"rendered":"You will be bankrupt, your credit card is in danger"},"content":{"rendered":"<p><strong>San Francisco, <\/strong>Global cybersecurity company Palo Alto Networks has discovered malware that is capable of stealing saved usernames and passwords in Google Chrome, saved credit card credentials in Chrome and iPhone text messages if backed up to a Mac. The malware named &#8220;CookieMiner&#8221; is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites visited by the victims, said Unit 42, an arm of Palo Alto Networks.<\/p>\n<p>It steals saved passwords in Chrome and iPhone text messages from iTunes backups on the tethered Mac. &#8220;By leveraging the combination of stolen login credentials, web cookies and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites,&#8221; the researchers noted.<\/p>\n<p>If successful, the attackers would have full access to the victim&#8217;s exchange account and\/or wallet and be able to use those funds as if they were the user themselves.<\/p>\n<p>The malware also configures the system to load coinmining software. Web cookies are widely used for authentication. Once a user logs into a website, its cookies are stored for the web server to know the login status. If the cookies are stolen, the attacker could potentially sign into the website to use the victim&#8217;s account.<\/p>\n<p>&#8220;Stealing cookies is an important step to bypass login anomaly detection. 
If only the username and password are stolen and used by a bad actor, the website may issue an alert or request additional authentication for a new login,&#8221; said Unit 42 in a blog post on Thursday.<\/p>\n<p>However, if an authentication cookie is also provided along with the user name and password, the website might believe the session is associated with a previously authenticated system host and not issue an alert or request additional authentication methods.<\/p>\n<p>Most modern cryptocurrency exchanges and online wallet services have multi-factor authentication. &#8220;CookieMiner&#8221; tries to navigate past the authentication process by stealing a combination of the login credentials, text messages and web cookies.<\/p>\n<p>&#8220;If the bad actors successfully enter the websites using the victim&#8217;s identity, they could perform fund withdrawals,&#8221; said the researchers. Apple&#8217;s Safari is not the only web browser targeted. Google Chrome also attracts the threat actors&#8217; attention due to its popularity.<\/p>\n<p>&#8220;Cryptocurrency owners should keep an eye on their security settings and digital assets to prevent compromise and leakage,&#8221; the report suggested.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>San Francisco, Global cybersecurity company Palo Alto Networks has discovered malware that is capable of stealing saved usernames and passwords in Google Chrome, saved credit card credentials in Chrome and iPhone text messages if backed up to a Mac. The malware named &#8220;CookieMiner&#8221; is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2580,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":{"0":"post-2579","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business"},"_links":{"self":[{"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=\/wp\/v2\/posts\/2579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2579"}],"version-history":[{"count":1,"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=\/wp\/v2\/posts\/2579\/revisions"}],"predecessor-version":[{"id":2581,"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=\/wp\/v2\/posts\/2579\/revisions\/2581"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=\/wp\/v2\/media\/2580"}],"wp:attachment":[{"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ncrfrontlinenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}