Researcher developed hidden miner for public Wi-Fi

An anonymous researcher was inspired by the hidden mining incedent in Star Bucks network in December 2017 in Buenos Aires
10 January 2018   137

Anonymous researcher under nickname "Arnau" published a concept and the associated investigation of the CoffeeMiner attack, which allows to mine through public Wi-Fi networks.

Created for educational purposes, the Arnau's study was inspired by an incident that occurred in December 2017 in Buenos Aires. Local network of Starbucks coffee houses was mining hiddenly with the help of devices connected to the public Wi-Fi network.

The CoffeeMiner attack is designed to spoof the Address Resolution Protocol (ARP) to intercept unencrypted traffic from devices on the same network.

For injection of HTML-code into unprotected traffic, the console program mitmproxy is used. As a result, JavaScript is launched, which draws CPU resources, using them for mining.

CoffeeMiner Concept
CoffeeMiner Concept

In his tests, the researcher used the popular "browser" mining script. Coinhive and extracted the Monero crypto currency.


Specialist notes that such an attack can be easily automated. And although in the current form CoffeeMiner can not work with HTTPS, this problem can be solved, for example, using sslstrip.

Source code is available at GitHub.

Microsoft Word Has Mining Vulnerability, Votiro Says

According to researhers, vulnerability is caused by the new feature of Microsoft Word
22 February 2018   32

Java mining scripts for Monero can be run inside Word documents. This became possible thanks to a new feature that appeared in the latest versions of Microsoft Office products. It allows you to add text to the video using the iframe insertion code. The file itself does not become harder, because the view is done online. This is reporte by Block Tribune.

The problem was noticed by a researcher from the Israeli company Votiro Amit Dori. He writes that the video player is actually a disguised Internet Explorer browser that operates in an offline mode. In addition, Word allows you to insert links to any site on the Internet, even if it is not in the white list.

You can protect yourself by maintaining an up-to-date machine with all security patches and updates installed. Furthermore, if you spot a serious CPU rise while watching an online video in Word, be aware it might be an in-browser miner and close the video frame.

Amit Dori

Security researcher, Votiro

The scammer can place the video in his own domain, adding to it a Java-script for mining. It is worth the user to click on the playback, as the crypto miner starts to mine Monero, parasitizing on the power of its processor.