According to the research, the mining has been done via cryptojacking, the practice of using other users’ computers’ processing power to mine for cryptocurrencies without the owners’ permission.
Josh Grunzweig of the Unit 42 threat research team collected data - around 470,000 unique samples - on how many cryptojacking miners have been identified within the Palo Alto Network WildFire platform.
The report finds 3,773 emails connected with mining pools, 2,995 mining pools URLs, 2,341 XRM wallets, 981 Bitcoin (BTC) wallets, 131 Electroneum (ETN) wallets, 44 Ethereum (ETH) wallets, and 28 Litecoin (LTC) wallets.
According to Grunzweig, Monero has an “incredible monopoly” on the cryptocurrencies targeted by malware, with a total of $175 mln mined maliciously (about 5 percent of all Monero now in circulation). Monero has a total market cap of around $1.9 bln, trading for around $119 and down around 10 percent over a 24 hour period to press time.
Of the 2,341 Monero wallets found, only 55 percent (or 1,278) have more than 0.01 XMR (currently worth around $1.19).
The report also notes that the data does not include web-based Monero miners or other miners they could not access, meaning that the 5 percent is most likely too low of a calculation.
Distribution of cryptocurrencies targeted by malicious miners. Source: Palo Alto Networks
According to the report, the total hashrate for Monero cryptojacking - around 19 mega-hashes per second (MH/s) bringing in about $30,443 a day - is equal to about 2 percent of the Monero network’s global hashing power. The report states that the top three hashrate sources mine around $2,737, $2,022 and $1,596 each day.
In an email to Cointelegraph, Justin Ehrenhofer of the Monero Malware Response WorkGroup wrote that because Monero is “built without any explicit use cases,” people “may take advantage of Monero's privacy and accessible proof of work features for their own illegitimate personal gain.”
For this reason, the malware workgroup is a body of volunteers that work on educating crypto users about how to avoid malware and being cryptojacked:
“The Monero community is interested in helping victims of unwanted system mining and other nefarious actions [...] We will never be able to prevent every machine from being compromised. The proportion of coins estimated to be mined with Monero speaks largely to the number of machines that are compromised. In addition to mining Monero, they could be sending spam and monitoring users. We hope that our contributions will limit unwanted behavior at the source.”
Yesterday, Japanese police reported they have opened an investigation into a case of Monero cryptojacking with the use of the Coinhive mining software. Last week, a security team found that over 40,000 computers were infected with mining malware, including for Monero, from industries including finance, education, and government.