Beware CoffeeMiner project lets you hack public Wi-Fi to mine cryptocoins

Dishant Rathi
Jan 10, 2018 · 2 min read
Coffee Miner Project Released OpenSource On Github !

Remember how an Argentinian Starbucks store recently turned out to be doing JavaScript cryptomining on the side?

That’s where someone else uses your computer, via your web browser, to perform a series of calculations that help to generate some sort of cryptocurrency, and keeps the proceeds for themselves.

Software developer Arnau flagged the issue recently , citing a recent case in which someone was exploiting public Wi-Fi at a Buenos Ares Starbucks, and explored what’s called a “MITM (Man-In-The-Middle)” attack.

In these attacks, the hacker can “inject a javascript” into the html of a page using a public Wi-Fi connection and, in turn, use the computers of other unsuspecting users on the same network to mine cryptocurrency for the hacker.

The attack works through the spoofing of Address Resolution Protocol (ARP) messages by way of the dsniff library which intercepts all traffic on the public network.

Mitmproxy is then used to inject JavaScript into pages the Wi-Fi users visit. To keep the process clean, the developer injected only one line of code which calls a cryptocurrency miner.

Arnau was able to successfully recreate the exploit described in the Starbucks case, which was then, appropriately named CoffeeMiner thanks to those dark-roasted origins.

Check out the demo and source to the project : Github

The lone weakness of the mining script is time. CoinHive, a miner mentioned by Arnau, needs the victim to be on a page for at least 40 seconds to make the effort worthwhile.

And the Big Question is How to be safe ???

Other Impacts And Uses !

Dishant Rathi

Written by

20, Freelancer Web Developer, Coder, Techno Geek & Blog Writer. Website :