How to stop CoffeeMiner, the tool that injects a cryptocurrency miner to HTML requests at WiFi hotspots

Posted on Jan 5, 2018 by Caleb Chen

There’s a new project called CoffeeMiner which allows an attacker to hijack the computers of those on the same WiFi network and force them to mine cryptocurrency (Monero) for the attacker. Arnau Code created the proof of concept for academic purposes only, after reading about a Starbucks WiFi hotspot that was commandeered to make users mine Monero. While that was done through the WiFi hotspot’s captive portal, CoffeeMiner also uses Coinhive to do the mining, injecting a call to the Coinhive JavaScript into the HTML of pages served over plain HTTP, though it’s noted that HTTPS functionality could be added easily with sslstrip.

In general, man-in-the-middle (MITM) attacks like this are a threat to consider whenever you’re on the internet, not just at a public place such as a coffee shop or airport. Even in the comfort of your own home, MITM attacks from your router, or from what appears to be your router thanks to ARP spoofing, are an ongoing concern. A separate MITM concern is that some internet service providers and mobile service providers still serve ads or warnings through the same route. The bottom line is that this attack vector, serving your computer content it isn’t expecting, is in active use and must therefore be actively defended against.
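ARP spoofing, the technique the paragraph above mentions for posing as the router, leaves two symptoms a host can check for on its own: the gateway's MAC address changes between ARP-table snapshots, and a single MAC address starts answering for more than one IP. The following detector is an added example written for this post, not code from the CoffeeMiner project or from Private Internet Access; the two ARP-table snapshots are constructed in the `/proc/net/arp` layout and the gateway address `192.168.1.1` is assumed.

```python
"""Spot the classic ARP-spoofing symptoms from ARP-table snapshots.

Added example: the snapshots below are constructed test data in the
/proc/net/arp text format; the gateway IP is an assumed value.
"""
from typing import Dict, List

# Constructed snapshot taken while the network is healthy.
SNAPSHOT_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:01     *        wlan0
192.168.1.20     0x1         0x2         aa:bb:cc:00:00:20     *        wlan0
"""

# Constructed snapshot after the host at .20 starts claiming the gateway IP.
SNAPSHOT_AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:20     *        wlan0
192.168.1.20     0x1         0x2         aa:bb:cc:00:00:20     *        wlan0
"""


def parse_arp_table(text: str) -> Dict[str, str]:
    """Map IP address -> MAC address, skipping the header line and
    incomplete entries (flags 0x0 or an all-zero hardware address)."""
    table: Dict[str, str] = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if flags == "0x0" or mac == "00:00:00:00:00:00":
            continue
        table[ip] = mac
    return table


def find_arp_anomalies(before: Dict[str, str], after: Dict[str, str],
                       gateway_ip: str) -> List[str]:
    """Return human-readable alerts for a gateway MAC change and for any
    MAC address that is bound to several IPs in the newer snapshot."""
    alerts: List[str] = []
    old_mac, new_mac = before.get(gateway_ip), after.get(gateway_ip)
    if old_mac and new_mac and old_mac != new_mac:
        alerts.append(f"gateway {gateway_ip} MAC changed {old_mac} -> {new_mac}")

    by_mac: Dict[str, List[str]] = {}
    for ip, mac in after.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims {len(ips)} IPs: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    # On a real Linux host you would read /proc/net/arp twice, a few
    # seconds apart, instead of using the constructed snapshots.
    before = parse_arp_table(SNAPSHOT_BEFORE)
    after = parse_arp_table(SNAPSHOT_AFTER)
    for alert in find_arp_anomalies(before, after, "192.168.1.1"):
        print("ALERT:", alert)
```

Running it periodically from a cron job or a login hook is enough to notice a rogue neighbour on a hotspot; a VPN, as the post goes on to recommend, is what stops the redirected traffic from being readable or modifiable once the spoof succeeds.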

Private Internet Access protects against CoffeeMiner

If the user has any HTTP pages open, CoffeeMiner would run Coinhive on them even if the website itself doesn’t serve it, and an uncomfortable number of websites are already running Coinhive by themselves anyway. By using Private Internet Access, CoffeeMiner would not be able to force your computer to web-mine XMR.
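A complementary check on the receiving end is to look at what a page actually loaded. The scanner below is an added example for this post, not code from CoffeeMiner, Coinhive or Private Internet Access: it parses an HTML body, collects every `<script>` element, and flags external scripts hosted on a listed miner domain (only `coinhive.com`, the service named above) plus inline scripts that reference the `CoinHive` JavaScript namespace, which is the assumed marker. The injected and clean page bodies are constructed test inputs.

```python
"""Flag Coinhive-style miner scripts in an HTML document.

Added example. MINER_HOSTS holds the one host named in the post; the
inline marker "CoinHive." is an assumed signature for the library's API.
"""
from html.parser import HTMLParser
from typing import List
from urllib.parse import urlparse

MINER_HOSTS = {"coinhive.com"}        # extend from your own block lists
INLINE_MARKERS = ("CoinHive.",)       # assumed namespace used by the miner library

# Constructed page as a MITM injector would deliver it over plain HTTP.
SAMPLE_INJECTED = """<html><head><title>News</title>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</head><body><p>Headline</p></body></html>"""

# Constructed page with only the site's own script.
SAMPLE_CLEAN = """<html><head><title>News</title>
<script src="/static/app.js"></script>
<script>document.title = 'News';</script>
</head><body><p>Headline</p></body></html>"""


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies."""

    def __init__(self) -> None:
        super().__init__()
        self.srcs: List[str] = []
        self.inline: List[str] = []
        self._in_inline = False
        self._buf: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.srcs.append(src)
        else:
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_inline:
            self._in_inline = False
            self.inline.append("".join(self._buf))


def script_host(src: str) -> str:
    """Hostname of a script URL; '' for same-origin relative paths."""
    # urlparse needs a scheme or '//' prefix to recognise a host.
    return (urlparse(src).hostname or "").lower()


def scan_for_miner(html: str) -> List[str]:
    """Return one finding per miner-related script found in the page."""
    parser = ScriptCollector()
    parser.feed(html)
    findings: List[str] = []
    for src in parser.srcs:
        host = script_host(src)
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            findings.append(f"external miner script: {src}")
    for body in parser.inline:
        if any(marker in body for marker in INLINE_MARKERS):
            findings.append("inline script references the CoinHive API")
    return findings


if __name__ == "__main__":
    for name, page in (("injected", SAMPLE_INJECTED), ("clean", SAMPLE_CLEAN)):
        print(name, scan_for_miner(page) or ["no miner scripts found"])
```

The same logic works as a browser extension content script or a proxy filter; the point is that an injected miner is visible in the delivered HTML, whereas a VPN or HTTPS removes the injection point altogether.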