CoffeeMiner: Hacking WiFi to inject cryptocurrency miner to HTML requests


by ArnauCode – Blog

4 January 2018

Some weeks ago I read about this Starbucks case where hackers hijacked laptops on the WiFi network to use the devices' computing power to mine cryptocurrency, and I thought it might be interesting to perform the attack in a different way.

The goal of this article is to explain how a MITM (Man(Person)-In-The-Middle) attack can be done to inject some JavaScript into the HTML pages, forcing all the devices connected to a WiFi network to mine a cryptocurrency for the attacker.


The objective is to have a script that performs an autonomous attack on the WiFi network. It’s what we have called CoffeeMiner, as it’s a kind of attack that can be performed on café WiFi networks.

1. The Scenario

The scenario will be some machines connected to the WiFi network, and the CoffeeMiner attacker intercepting the traffic between the users and the router.


1.1 Scenario configuration

The real scenario is a WiFi network with laptops and smartphones connected. We have tested in this real-world scenario, and it works. But for this article, we will look more closely at how to set it up in a virtual environment.

We will use VirtualBox to deploy our virtual scenario.

First of all, we need to download a Linux disk image and install it into a VirtualBox machine. For this example we will use Kali Linux images.

Once we have the ISO image downloaded, we prepare 3 VBox machines with the Linux image installed.

To configure the defined scenario, we need to prepare the machines, each one with a role:

  • Victim
    • the machine that connects to the Router and browses some pages.
  • Attacker
    • the machine that runs the CoffeeMiner. It is the machine that performs the MITM.
  • Router / Gateway
    • acts as a normal gateway.

