Monero (XMR) is by far the most popular cryptocurrency among criminals deploying mining malware, according to a new study.
Two researchers, Sergio Pastrana and Guillermo Suarez-Tangil, from Universidad Carlos III de Madrid and King’s College London, respectively, published their report last week, estimating that hackers have mined at least 4.32 percent of the total monero in circulation.
Pastrana and Suarez-Tangil write:
The researchers, however, are not sure whether, or what portion, of malware owners have cashed out their crypto, due to lack of information and the fluctuating prices of cryptos. At press time, the value of the XMR total cited is almost $40 million.
Around 4.4 million malware samples were analyzed over a 12-year period from 2007 to 2018, and and 1 million malicious miners were identified, the paper says.
Tactics adopted to distribute malware varies, but the pair say that a "common yet effective approach is to use legitimate infrastructure such as Dropbox or GitHub to host the droppers, and stock mining tools such as claymore and xmrig to do the actual mining."
After monero, which the pair said is "most prevalent," bitcoin came in at second favorite crypto for illicit mining, though its popularity has decreased over the years. Bad actors also experimented with other altcoins such as dogecoin or litecoin during 2013 and 2014 and then shifted back to bitcoin and monero, probably because these are more profitable, the researchers suggest.
Of the malware-associated wallets identified by the team, monero was 56 percent more represented than bitcoin, while zcash came in third place.
Back in November, research from Israel-based cybersecurity firm Check Point Software Technologies showed that a monero mining malware, dubbed KingMiner, is evolving through time to avoid detection.
Monero image via Shutterstock; tables via the report
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.