How CoffeeMiner Attack Hacks Public Wi-Fi And Uses Your PC For Mining Cryptocurrency
In a similar development, a security researcher named Arnau has published a proof-of-concept project that showcases how troublesome actors can exploit such public Wi-Fi networks and print free money.
Named CoffeeMiner, this attack uses a script to perform autonomous MITM attack to inject some malicious JavaScript code into the HTML pages. The attack has been tested in the real-world scenario to turn smartphones and PCs into cryptomining bots.
For performing MITM attack, the ARP spoofing technique is used. The researcher used dsniff library to perform the ARP spoofing attack. Using another tool named mitmproxy, the traffic going to the host is analyzed and JavaScript code is injected. To make the process cleaner, a single line of HTML code is injected; this line calls the miner.
As expected, the miner being used in the concept is from CoinHive. It’s a Monero miner that uses the CPU power to calculate hashes with Cryptonight PoW hash algorithm for mining.
The real-world demo of the attack using Kali Linux is shown below. The researcher has shared this attack for academic purposes and to showcase how easily one cybercriminal can exploit your weak security practices.
Also Read: 5 Easy Ways To Block Cryptocurrency Mining In Your Web Browser