Monero (XMR) is by far the most popular cryptocurrency among criminals deploying mining malware, according to a new study.
Two researchers, Sergio Pastrana and Guillermo Suarez-Tangil, from Universidad Carlos III de Madrid and King’s College London, respectively, published their report last week, estimating that hackers have mined at least 4.32 percent of the total monero in circulation.
Pastrana and Suarez-Tangil write:
The researchers, however, are not sure whether, or what portion, of malware owners have cashed out their crypto, due to lack of information and the fluctuating prices of cryptos. At press time, the value of the XMR total cited is almost $40 million.
Around 4.4 million malware samples were analyzed over a 12-year period from 2007 to 2018, and and 1 million malicious miners were identified, the paper says.
Tactics adopted to distribute malware varies, but the pair say that a "common yet effective approach is to use legitimate infrastructure such as Dropbox or GitHub to host the droppers, and stock mining tools such as claymore and xmrig to do the actual mining."
After monero, which the pair said is "most prevalent," bitcoin came in at second favorite crypto for illicit mining, though its popularity has decreased over the years. Bad actors also experimented with other altcoins such as dogecoin or litecoin during 2013 and 2014 and then shifted back to bitcoin and monero, probably because these are more profitable, the researchers suggest.
Of the malware-associated wallets identified by the team, monero was 56 percent more represented than bitcoin, while zcash came in third place.
Back in November, research from Israel-based cybersecurity firm Check Point Software Technologies showed that a monero mining malware, dubbed KingMiner, is evolving through time to avoid detection.
Monero image via Shutterstock; tables via the report
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.