Home Hacking How CoffeeMiner Attack Hacks Public Wi-Fi And Uses Your PC For Mining Cryptocurrency

How CoffeeMiner Attack Hacks Public Wi-Fi And Uses Your PC For Mining Cryptocurrency

by admin

How CoffeeMiner Attack Hacks Public Wi-Fi And Uses Your PC For Mining Cryptocurrency

After a series of ransomware attacks capturing the headlines past year, crypto mining malware and cryptojacking attacks came into the play. Just last month, a Starbucks customer found that the infected Wi-Fi hotspot was trying to mine Monero digital coins. It was a new kind of threat associated with using public hotspots, which are often labeled unsafe and users are advised to use VPN services for extra privacy.

In a similar development, a security researcher named Arnau has published a proof-of-concept project that showcases how troublesome actors can exploit such public Wi-Fi networks and print free money.

Named CoffeeMiner, this attack uses a script to perform autonomous MITM attack to inject some malicious JavaScript code into the HTML pages. The attack has been tested in the real-world scenario to turn smartphones and PCs into cryptomining bots.

For performing MITM attack, the ARP spoofing technique is used. The researcher used dsniff library to perform the ARP spoofing attack. Using another tool named mitmproxy, the traffic going to the host is analyzed and JavaScript code is injected. To make the process cleaner, a single line of HTML code is injected; this line calls the miner.

As expected, the miner being used in the concept is from CoinHive. It’s a Monero miner that uses the CPU power to calculate hashes with Cryptonight PoW hash algorithm for mining.

The real-world demo of the attack using Kali Linux is shown above. The researcher has shared this attack for academic purposes and to showcase how easily one cybercriminal can exploit your weak security practices.

READ ALSO:  10 private search engines that do not track you

source: https://fossbytes.com

You may also like

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept

Privacy & Cookies Policy