CoffeeMiner Hacks Public WiFi to Mine Cryptocurrency

Image for post
Image for post

CoffeeMiner is the latest in a series of capabilities that are designed to hijack innocent victim’s devices so they become unwitting miners of cryptocurrency for the attacker. The team over at Arnau Code (arnaucode.com) posted a blog that outlines their academic effort to showcase how easy it is to hijack public wireless network hotspots and inject malicious javascript in html pages to force the systems to mine Monero coins for the benefit of the hacker.

Image for post
Image for post

The team provides a code breakdown of how they successfully created a Man-in-the-Middle (MITM) attack. It is a detailed proof-of-concept which shows a workable capability, but not refined code intended to do longstanding harm. The codebase, most Python, is available to the public.

In essence, an attacker armed with this code and some basic skills could sit at Starbucks and conduct the attack on unsuspecting victims who trust connecting to open WiFi access points. The victim’s systems would then mine cryptocurrency while browsing the Internet at that location. Truly malicious hackers could use this method to inject other types of malware on victim’s systems that could cause much more harm and persist long after they had left.

So beware when you connect to open WiFi networks, there may be someone ready to pounce on your gullibility.

Image Source: https://arnaucode.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html

Interested in more? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, Golos, and Steemit

Cybersecurity Strategist and CISO specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store