CoffeeMiner: What Is MITM Man In The Middle Cryptojacking?

Amid the cryptocurrency frenzy, the crypto world has woken up to news of a trending cryptojacking tool called CoffeeMiner. Apparently, with this tool it is possible to mine coins anonymously using the CPUs of people who have a penchant for free public WiFi and don’t use a VPN.

Lately, interest in cryptocurrencies has been growing owing to the sudden surge in the value of BTC and ETH. Ransomware attacks in 2017, led by WannaCry and Petya/NotPetya, were cyberattackers’ way of getting funds. But the emergence of CoffeeMiner will undoubtedly mark another “peak coinjack.”

What Is CoffeeMiner?

CoffeeMiner is an open-source Python application built by a Barcelona-based software developer called Arnau Code, and it stealthily executes a “man-in-the-middle” (MiTM) attack. Essentially, this tool injects JavaScript code into each website visited by anyone using the WiFi and then uses their CPUs to mine cryptocurrencies that are mineable via JavaScript.

A “man-in-the-middle” attack is where there’s a middleman on the network who, unknown to you, gets to see all your network requests before they reach their destinations. The person also receives all replies before they get to your PC and can even alter them. And that is precisely what CoffeeMiner does: it intercepts your web traffic before the network’s access point, covertly picks up the web page, and ‘sneaks’ a line of JavaScript into the reply.

The whole process isn’t elaborate for a smart person. The attack is executed by spoofing Address Resolution Protocol (ARP) messages with dsniff (an open-source product), which seizes traffic on the network. It then uses mitmproxy (an open-source toolkit) to inject JavaScript into the sites that users of the network visit. The process is so clean that an ordinary user won’t notice.

The miner is served via an HTTP server as the attackers reroute unsuspecting victims to a server that's under their watch. All these hackers need is as little as 40 seconds of the victim visiting a given website.

What CoffeeMiner Man In The Middle Cryptojacking Does

  • Tricks your browser into thinking the attacker's machine is the WiFi’s access point – using dsniff.
  • Passes on your traffic, except web requests. It pushes the requests into a MiTM proxy – using mitmproxy.
  • Secretly inserts a line of HTML that loads coin-mining JavaScript into the reply.

The line can be something like this: <script src=""></script> whereby, is the server running on the computer and is the crypto-mining code. The developer opted for a popular miner called CoinHive, which is capable of mining Monero coins.

According to its developer, public WiFi might now become a source of income for the hacker. The project was released for academic study, but draws on a recent discovery on an Argentinian Starbucks Wi-Fi network. The developer also admits the tool works, as he tested it in real-life scenarios.

How To Protect Yourself From CoffeeMiner

Anyone who loves free WiFi can be a victim. The main risk is using an untrusted network, since a rogue attacker could be using it to mess with encrypted web traffic. Without HTTPS there is no confidentiality, identification, or integrity. To be safe, therefore, only use sites that use HTTPS alone, use a VPN if you can’t live without free WiFi, and try to watch out!
