Malware with your coffee? Starbucks customers sent to the virtual mines… to find bitcoins

By Cameron Abbott and Harry Crawford

“Free” Wi-Fi isn’t necessarily so. The Wi-Fi provided in a Starbucks store in Buenos Aires was recently discovered to be planting malware onto customer’s laptops. This is another lesson in how cybersecurity can affect even the most innocuous corner-store businesses.

The malware forced a 10-second delay when logging on to the store’s Wi-Fi network, during which time the computer’s processing power was diverted to “cryptocurrency mining”. Cryptocurrency mining is performing the complex calculations required to create cryptocurrencies such as Bitcoin (in this case, the malware generated another cryptocurrency called Monero).  So the customers were having to briefly visit the virtual mines in order to earn their coffee!

A customer discovered the malware and brought it to the attention of Starbucks via Twitter in a post that was shared thousands of times. Even though Starbucks apparently wasn’t complicit, it ended up wearing the cost of the exploit in terms of customer complaints and reputational damage.

Starbucks responded by blaming its internet provider, and saying it would ensure that the issue would be resolved at that store so that its customers’ processing power isn’t siphoned off any longer.

The thing is – it is Starbuck’s brand that took the hit, not the internet provider.  Again a reminder that your supply chain in all areas is often your point of greatest vulnerability.  Are your providers sending your customers to the mines?