
CoffeeMiner PoC Targets Public Wi-Fi Networks to Mine for Cryptocurrency

Liviu ARSENE

January 08, 2018

A recently published proof-of-concept suggests that attackers could hijack coffee shop Wi-Fi networks and get connected users to mine cryptocurrencies, according to software developer Arnau Code.

A couple of weeks back, an incident at a Starbucks coffee shop had customers mining for cryptocurrency. It seems the internet service provider that offered Wi-Fi connectivity was at fault, so it seems attackers physically present in the coffee shop could hijack the network as well. Arnau pulled off the proof-of-concept with a man-in-the-middle attack: he redirected all customers' traffic through his proxy by ARP spoofing, then injected a single line of code into visited HTML pages that calls the cryptocurrency miner in the victim's browser.

“The objective is to have a script that performs autonomous attack on the WiFi network,” wrote Arnau. “It's what we have called CoffeeMiner, as it's a kind of attack that can be performed in the cafes WiFi networks.”

Although the attack requires the cybercriminal to actually be present in the coffee shop and have a strong enough Wi-Fi antenna so that it can hijack traffic from as many clients as possible, the attack does seem plausible, provided the targeted router or switch lacks built-in ARP-spoofing protection.
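
From a connected client's point of view, the ARP-spoofing step described above shows up as the gateway's IP address resolving to a different MAC address, typically one that another host on the network also uses. The check below is an added example, not code from Arnau's proof-of-concept or from the original article; it assumes the Linux `/proc/net/arp` table format, and the function names, addresses and sample tables are constructed for illustration.

```python
"""Flag signs of ARP cache poisoning in Linux /proc/net/arp snapshots."""

# Constructed sample data: ARP table before and during a spoofing attempt.
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:01     *        wlan0
192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0
"""
POISONED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:17     *        wlan0
192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""


def parse_arp_table(text):
    """Return {ip: mac} for complete entries (flag bit 0x2 set)."""
    table = {}
    for line in text.splitlines()[1:]:          # skip header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw, flags, mac = fields[:4]
        if int(flags, 16) & 0x2:                # ATF_COM: resolved entry
            table[ip] = mac.lower()
    return table


def arp_alerts(baseline, current, gateway_ip):
    """Compare a trusted baseline with the current table; return alert strings."""
    alerts = []
    known, seen = baseline.get(gateway_ip), current.get(gateway_ip)
    if known and seen and known != seen:
        alerts.append(f"gateway {gateway_ip} moved from {known} to {seen}")
    # One MAC answering for the gateway and for another IP suggests a MITM host.
    sharing = sorted(ip for ip, mac in current.items()
                     if mac == seen and ip != gateway_ip)
    if seen and sharing:
        alerts.append(f"gateway MAC {seen} also claimed by {', '.join(sharing)}")
    return alerts


if __name__ == "__main__":
    for alert in arp_alerts(parse_arp_table(BASELINE),
                            parse_arp_table(POISONED), "192.168.1.1"):
        print("ALERT:", alert)
```

The baseline has to be captured on a network state you trust; a table that is already poisoned when first recorded only triggers the shared-MAC alert.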

Leveraging the same CoinHive cryptocurrency mining JavaScript used by The Pirate Bay or some rogue Google Chrome extensions, Arnau does point out that, for the mining to yield positive results, the victim needs to visit the affected website for more than 40 seconds per session.

“CoinHive miner makes sense when user stays in a website for mid-long term sessions. So, for example, for a website where the users average session is around 40 seconds, it doesn't make much sense,” reads the blog post. “In our case, as we will inject the crypto miner in each one of the HTML pages that victims request, will have long term sessions to calculate hashes to mine Monero.”

The developer suggests that adding more automation to his proof-of-concept could increase its effectiveness, although the project has been tagged “for academic purposes only”.
