Posted on Jan 5, 2018 by Caleb Chen

How to stop CoffeeMiner, the tool that injects a cryptocurrency miner to HTML requests at WiFi hotspots


coffeeminer

There’s a new project called CoffeeMiner which allows an attacker to hijack the computers of those on the same WiFi network and force them to mine cryptocurrency (Monero) for the attacker. Arnau Code created the proof of concept for academic purposes only after reading about a Starbucks WiFi hotspot that was commandeered to make users mine Monero. While that was being done through the WiFi hotspot’s captive portal, CoffeeMiner also uses Coinhive to do the mining, calling the JS using HTML requests on HTTP websites, though it’s noted that HTTPS functionality could be added easily with sslstrip.

In general, man-in-the-middle (MITM) attacks like this are a threat to consider when you’re on the internet. It’s not just when you’re at a public place such as a coffee shop or airport, either. Even in the comfort of your own home, MITM attacks from your router, or what appears to be your router thanks to ARP spoofing, are an ongoing concern. A separate MITM concern is the fact that some internet service providers and mobile service providers still serve ads or warnings through the same route. The bottom line is that this attack vector of serving your computer stuff that it isn’t expecting, for lack of a simpler analog terminology, is actively used. Therefore, it must be actively prevented against.

Private Internet Access protects against CoffeeMiner

If the user has any HTTP pages open, CoffeeMiner would run coinhive even if the website itself isn’t serving up doesn’t have it – and an uncomfortable amount of websites are already running coinhive by themselves, anyways. By using Private Internet Access, CoffeeMiner would not be able to force your computer to web-mine XMR. For more information on CoffeeMiner (for academic purposes only) please visit Arnau’s site:

http://arnaucode.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html

Ironically, if you visit that website while at a coffee shop without Private Internet Access, you very well could be mining.

About Caleb Chen

Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization. Caleb holds a Master's in Digital Currency from the University of Nicosia as well as a Bachelor's from the University of Virginia. He feels that the world is moving towards a better tomorrow, bit by bit by Bitcoin.


VPN Service

Leave a Reply

Your email address will not be published. Required fields are marked *