CoffeeMiner PoC Targets Public Wi-Fi Networks to Mine for Cryptocurrency

A recently published proof-of-concept notes that it could be possible for attackers to hijack coffee shop Wi-Fi networks and get connected users to mine cryptocurrencies, according to software developer Arnau Code.

A couple of weeks back, an incident involving a Starbucks coffee shop having their customers mining for cryptocurrency – it seems the internet service provider that offered Wi-Fi connectivity was at fault – so it seems attackers physically in the coffee shop could hijack the network. Arnau pulled off the proof-of-concept by performing a man-in-the-middle attack that involved redirecting all customers through his proxy by performing an ARP-spoofing attack, then injecting a single line of code into visited HTML pages that calls the cryptocurrency miner in the victim’s browser.

“The objective is to have a script that performs autonomous attack on the WiFi network,” wrote Arnau. “It’s what we have called CoffeeMiner, as it’s a kind of attack that can be performed in the cafes WiFi networks”

Although the attack requires the cybercriminal to actually be present in the coffee shop and have a strong enough Wi-Fi antenna so that it can hijack traffic from as many clients as possible, the attack does seem plausible, provided the targeted router or switch lacks built-in ARP-spoofing protection.

Leveraging the same CoinHive cryptocurrency mining JavaScript used by The Pirated Bay or some rogue Google Chrome extensions, Arnau does point out that, for the mining to yield positive results, the victim needs to visit the affected website for more than 40 seconds per session.

“CoinHive miner makes sense when user stays in a websit for mid-long term sessions. So, for example, for a website where the users average session is around 40 seconds, it doesn’t make much sense,”
reads the blog post. “In our case, as we will inject the crypto miner in each one of the HTML pages that victims request, will have long term sessions to calculate hashes to mine Monero.”

The developer suggests that adding more automation to his proof-of-concept could increase its effectivness, although the project has been tagged “for academic purposes only”.



This is a Security Bloggers Network syndicated blog post authored by Liviu Arsene. Read the original post at: HOTforSecurity