Beware: CoffeeMiner project lets you hack public Wi-Fi to mine cryptocoins
Remember how an Argentinian Starbucks store recently turned out to be doing JavaScript cryptomining on the side?
That’s where someone else uses your computer, via your web browser, to perform a series of calculations that help to generate some sort of cryptocurrency, and keeps the proceeds for themselves.
Software developer Arnau flagged the issue recently, citing a recent case in which someone was exploiting public Wi-Fi at a Buenos Aires Starbucks, and explored what’s called a “MITM (Man-In-The-Middle)” attack.
In these attacks, the hacker can “inject a javascript” into the HTML of a page using a public Wi-Fi connection and, in turn, use the computers of other unsuspecting users on the same network to mine cryptocurrency for the hacker.
The attack works through the spoofing of Address Resolution Protocol (ARP) messages by way of the dsniff library, which intercepts all traffic on the public network.
Mitmproxy is then used to inject JavaScript into pages the Wi-Fi users visit. To keep the process clean, the developer injected only one line of code which calls a cryptocurrency miner.
Arnau was able to successfully recreate the exploit described in the Starbucks case, which was then appropriately named CoffeeMiner, thanks to those dark-roasted origins.
Check out the demo and source of the project: GitHub
The lone weakness of the mining script is time. CoinHive, a miner mentioned by Arnau, needs the victim to be on a page for at least 40 seconds to make the effort worthwhile.
And the big question is: how to be safe?
Use tools like the No Coin plugin for Google Chrome and Firefox users.
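Because the attack starts with ARP spoofing, a client on the Wi-Fi can also check its own ARP cache for the telltale sign: the gateway's IP resolving to the same MAC address as another host. The following is an added example, not code from the original post or the CoffeeMiner project; the sample table is constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the layout of Linux /proc/net/arp (not real capture data).
# The gateway 192.168.1.1 and the host 192.168.1.23 resolve to the same MAC.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         08:00:27:aa:bb:cc     *        wlan0
192.168.1.23     0x1         0x2         08:00:27:aa:bb:cc     *        wlan0
192.168.1.40     0x1         0x2         3c:5a:b4:11:22:33     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

ATF_COM = 0x2  # kernel flag: the entry is complete (a MAC has been resolved)


def parse_arp_table(text):
    """Return (ip, mac, device) for every completed entry in the table text."""
    entries = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac, _mask, dev = fields[:6]
        if not int(flags, 16) & ATF_COM or mac == "00:00:00:00:00:00":
            continue  # unresolved entry, nothing to compare
        entries.append((ip, mac.lower(), dev))
    return entries


def find_shared_macs(entries):
    """Map (device, mac) -> sorted IPs for every MAC claimed by more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac, dev in entries:
        by_mac[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}


def gateway_is_suspect(entries, gateway_ip):
    """True when the gateway's MAC is also claimed by another IP on the segment."""
    return any(gateway_ip in ips for ips in find_shared_macs(entries).values())


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for (dev, mac), ips in find_shared_macs(table).items():
        print(f"{dev}: {mac} answers for {', '.join(ips)}")
    print("gateway suspect:", gateway_is_suspect(table, "192.168.1.1"))
```

A shared MAC is a signal to investigate, not proof: a router with several addresses or proxy ARP can produce the same pattern.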
Other Impacts and Uses
Beware! This script can be used at colleges, offices and many more public places. #BewareOfMiningOnInternet