I remember reading a comment yesterday about how long it would be till we saw cryptocurrency miner that would run on the Internet of Things, well that looks like it is just about here. Anthony Russell has a javascript injection that got mining software working on his home network and grabs all the CPU resources it can with those on the network that are surfing the web. He calls it Miner in the Middle.



The attack is pretty simple actually. Your attacking machine needs to connect to a network with people surfing the web on it. Once connected, you run the script I provided above. The script will create an html file that has the javascript monero miner in it and it will also link your api key into it. Once the file is built, it launches the MitMf application.

The MitMf application, once running, will first arp poison the network and tell everyone to route traffic through your machine. Next it will listen for HTTP responses. When it sees one, it will inject our payload into it. Finally the victim will execute the payload automatically, without prompt, and start mining monero for you.

That’s it!

I attempted this attack on my home network and within about 30 seconds I had 3 machines and my girlfriends phone mining monero for me lol

Discussion

Source: [H]ardOCP – Injecting Javascript Cryptocurrency Miner into a Public Network