Finding a method for using other peoples’ computers to mine cryptocurrency is something that many cryptocurrency owners have fantasised about, but as Bitcoin has grabbed the headlines in recent months, some have taken things a step further.
Two of the most common methods discovered to date involve infecting other machines or website with mining software or scripts designed for cryptojacking.
Another method, discovered last month in Buenos Aires, consists of injecting mining code in pages served to users of public WI-Fi networks. This particular incident led a Barcelona-based software developer to investigate how such attacks could be automated.
The latest method works by putting the hacker’s machine between the Wi-Fi router and the devices of people accessing free Wi-Fi, making it possible for the hacker’s machine to intercept and alter the flowing web traffic.
This is done by unleashing an Address Resolution Protocol (ARP) spoofing attack, which involves the hacker sending spoofed ARP messages through a local area network. This has the effect of associating his machine’s MAC address with the IP address of the router. From that point on, all traffic to that IP address will instead flow to the hacker.
The next stage is used mitmproxy to check the internet traffic and modify it by inserting a line of code into HTML pages. This code then calls up a crypto miner script that the hacker previously set up on his machine.
In his investigations, the developer attempted to come up with a script that launches an entirely autonomous attack, though, as he was conducting the work for academic purposes, he didn’t go through with the final stage. In order to use his script, any hacker would have to produce a manual text file containing the IP addresses of intended victims. The script can then go into operation. It carries out all the stages of the attack automatically, and, having tested it in live situations, he has been able to establish that it works.
The developer, who has not been named, also claimed that future versions could include an autonomous Nmap scan, to collate the IPs detected and add them to the list of victims. As cryptocurrencies continue to grow in popularity, such attacks are likely to continue to grow in sophistication.
Image Source: Flickr