Back to Blog

CoffeeMiner: Hacking WiFi to inject cryptocurrency miner to HTML requests

January 8, 2018

By: mirabiliscorp

Capturar

by ArnauCode – Blog

4 January 2018

Some weeks ago I read about this Starbucks case where hackers hijacked laptops on the WiFi network to use the devices computing power to mine cryptocurrency, and I thought it might be interesting perform the attack in a different way.

The goal of this article, is to explain how can be done the attack of MITM (Man(Person)-In-The-Middle) to inject some javascript in the html pages, to force all the devices connected to a WiFi network to be mining a cryptocurrency for the attacker.

coffeeMiner

The objective is to have a script that performs autonomous attack on the WiFi network. It’s what we have called CoffeeMiner, as it’s a kind of attack that can be performed in the cafes WiFi networks.

1. The Scenario

The scenario will be some machines connected to the WiFi network, and the CoffeeMiner attacker intercepting the traffic between the users and the router.

network

1.1 Scenario configuration

The real scenario is a WiFi with laptops and smartphones connected. We have tested in this real world scenario, and it works. But for this article, we will see more deeply how to set up in a virtual environment.

We will use VirtualBox to deploy our virtual scenario https://www.virtualbox.org/ .

First of all we need to download some Linux disk image and install it into a VirtualBox machine, for this example we will use Kali Linux images https://www.kali.org/

Once we have the ISO image downloaded, we prepare 3 VBox machines with the Linux image installed.

To configure the defined scenario we need to prepare the machines each one with a role:

  • Victim
    • will be the machine that connects to the Router and browse some pages.
  • Attacker
    • will be the machine where it runs the CoffeeMiner. Is the machine that performs the MITM.
  • Router / Gateway
    • will act as a normal gateway.

MORE: http://arnaucode.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.