According to the published research, the mining was done via cryptojacking: using other users’ computer processing power to mine cryptocurrency without the owners’ permission or knowledge.
Josh Grunzweig of the Unit 42 threat research team at Palo Alto Networks collected around 470,000 samples of cryptojacking miners identified within the Palo Alto Networks WildFire platform.
The report discovered 3,773 emails connected with mining pools, 2,995 mining pool URLs, 2,341 XMR wallets, 981 Bitcoin (BTC) wallets, 131 Electroneum (ETN) wallets, 44 Ethereum (ETH) wallets, and 28 Litecoin (LTC) wallets.
Grunzweig says that Monero seems to be the cryptocurrency most commonly targeted by malware, with a total of almost $175 million worth of XMR mined maliciously. This is about 5 percent of all Monero coins currently in circulation. Monero currently has a total market cap of about $1.9 billion and trades at about $119 as of press time.
Of the 2,341 XMR wallets detected, only a little over half have more than 0.01 XMR.
The report also noted, however, that the data presented did not include web-based Monero miners or other miners the researchers could not access, meaning that the number of affected users is potentially higher.
According to Palo Alto’s report, the total hashrate for Monero cryptojackers is around 19 mega-hashes per second, which is equal to around 2 percent of the Monero network’s total global hashing power and brings in around $30,443 a day. The report further states that the top three hashrate sources mine around $2,737, $2,022 and $1,596, respectively, per day.
In a statement to crypto-focused media website Cointelegraph.com, Justin Ehrenhofer of the Monero Malware Response Workgroup said that because Monero was built without any explicit use cases, some people may attempt to take advantage of Monero’s privacy and accessible proof-of-work features for their own illegitimate personal gain.
He continued:
“The Monero community is interested in helping victims of unwanted system mining and other nefarious actions […] We will never be able to prevent every machine from being compromised. The proportion of coins estimated to be mined with Monero speaks largely to the number of machines that are compromised. In addition to mining Monero, they could be sending spam and monitoring users. We hope that our contributions will limit unwanted behavior at the source.”
Earlier, Japanese police reported that they had started an investigation into a case of Monero cryptojacking via the use of Coinhive. Meanwhile, a week ago, a security team found that over 40,000 computers had been infected with mining-focused malware, including several strains targeting Monero, with infected computers spanning industries such as education, finance, and government.