What are CoffeeMiners and how can they affect users?

  • CoffeeMiners can harness your computing devices connected to public Wi-Fi to secretly mine cryptocurrencies.
  • They work similarly to a man-in-the-middle attack.

Cyberattackers -- called CoffeeMiners -- can harness your computing devices connected to public Wi-Fi to secretly mine cryptocurrencies. This means that browsing over the Wi-Fi at your favourite coffee shop, while taking a sip of coffee, is no longer a safe act. Your laptop could be hijacked on the network without your knowledge, leaving you wondering what's wrong with it when your device suddenly starts behaving abnormally.

How do they operate?

CoffeeMiners work similarly to a man-in-the-middle attack, in which the miscreants sit between an individual's computer and the server with which the user believes he or she is communicating directly, which is actually not the case. The threat actors manipulate the server in a way that allows them to mine cryptocurrencies while slowing down the processor of the individual's machine and the web pages the user is trying to access.

How does the attack occur?

The attack begins with hackers sending spoofed ARP (Address Resolution Protocol) messages; ARP is a protocol for mapping the IP addresses of computing devices connected to the network. This is done with the dsniff library, a collection of tools used for network auditing. CoffeeMiners then inject malicious JavaScript code (referred to as CoinHive) into the web pages visited by users who are connected to the Wi-Fi. This enables them to take control of the Wi-Fi and the users' machines as well. Users won't notice that their machines have been compromised, but slow-loading web pages and processor slowdown are the telltale signs of the attack.

Is it safe to use public Wi-Fi?

Not really. For hackers, it does not matter whether the public Wi-Fi is secured by a password or not. They can easily break into the network without you being aware of it. Unless you are doubly sure that the network you are accessing is authentic, do not connect to it.

How to stay safe?

You should first verify the authenticity of the Wi-Fi network. Prefer commercial hotspots provided by ISPs like Verizon or AT&T over random free Wi-Fi networks. If you still connect to a public network, try creating a VPN (Virtual Private Network) with a strong key. You can also tether to your phone as a hotspot if you have any necessary work to do.