Research: Crypto Mining Malware Bags Almost 5% of Entire Monero

New research shows that Monero (XMR) is the most popular digital currency among cybercriminals who are spreading crypto mining malware.

Last week, Sergio Pastrana and Guillermo Suarez-Tangil, researchers from Universidad Carlos III de Madrid and King’s College London, respectively, released their report, which estimated that hackers had mined at least 4.32 percent of the entire Monero in circulation.

The researchers write:

“Overall, we estimate there are at least 2,218 active campaigns that have accumulated about 720K XMR (57M USD). Interestingly just a single campaign (C#623) has mined more than 163K XMR (18M USD), which accounts for about 23% of the total estimated. This campaign is still active at the time of writing.”

However, the two are not sure if malware owners have cashed out their cryptocurrency and to what portion if they have. The uncertainty is due to the lack of information and cryptocurrencies’ fluctuating prices. The total XMR value is at $40 million, by the time of writing.

The study indicates that about 4.4 million malware samples are analyzed from 2007 to 2018 or over a period of 12 years. The paper has also identified 1 million malicious miners.

Strategies employed to distribute malware vary. However, Pastrana and Suarez-Tangil state that a “common yet effective approach is to use legitimate infrastructure such as Dropbox or GitHub to host the droppers, and stock mining tools such as claymore and xmrig to do the actual mining.”

The researchers identify Bitcoin as the second “most prevalent” and most favorite crypto by cybercriminals even if its popularity has rather diminished over the years. In addition, the pair says that bad actors have also experimented with other altcoins like Dogecoin and Litecoin in 2013 and 2014 before going back to Bitcoin and Monero, perhaps due to the profitability of the two cryptos.

The team also identifies that in terms malware-related wallets, Monero represents 56 percent more than Bitcoin, while Zcash places third.

Meanwhile, research published by McAfee in December indicates that crypto mining malware cases have increased by more than 4,000 percent in 2018. The increase represents a rapid takeover by malware from the previous favorite, ransomware.

In November 2018, a study completed by Check Point Software Technologies, an Israel-based cybersecurity company, states that a Monero mining malware known as KingMiner has been evolving over time to evade detection.