5 percent of all Monero mined by malware mining

Monero Mining

Monero (XMR) is the most popular cryptocurrency when it comes to mines using malware. The company Palo Alto Networks stated in a report that at least 5 percent of all XMRs were mined by malware mining. That corresponds to a value of about 90 million euros.

In a report on the growth of crypto mining, the Palo Alto Networks Research Center found that Monero is by far the most popular crypto currency for malware mining. A good 80 percent of all malware spills Monero.

How the researchers came to the information

Monero is a private cryptocurrency. All transactions are anonymized by default. In addition, the mono-mining algorithm is “ASIC-resistant”, meaning that you can mine XMR with just one CPU or GPU. These circumstances make it economical and safe to mine for malware. For this, one infects the computers of ignorant people with software, which then calculates the proof of work in the background. Since Monero is private, information about blockchain analysis can not be obtained.

Instead, the Palo Alto Network uses their own WildFire Malware Analysis to detect the number of crypto-miner malware. Out of the almost 500,000 samples, three dimensions in particular could be read:

  • the affected cryptocurrency
  • the wallet and email address associated with a mining pool
  • the mining pool

Here it already turned out that Monero is with 84 percent, the most concentrated cryptocurrency. One identified well over 2,300 XMR Wallet addresses. In the next step you asked the mining pools for payouts to the respective addresses. So while the Monero Blockchain does not reveal any information about cash flows, mining pools may divulge their users’ data. It turned out that just under 800,000 XMR was sent to these addresses.

While more than 2,000 addresses were identified, it was recognized after closer analysis that just under half received an amount of over 0.01 XMR (about 1 Euro). Only 244 of the Wallet addresses received a payout over 100 XMR (about 10,000 euros) and just 16 addresses collected over 10,000 XMR (about 1 million euros). The big discrepancy is explained by Palo Alto Networks malfunctioning malware.

The malware’s hashrate is 19 MH / s, which is about 2 percent of the current global Monero Hashrate.

Inaccurate numbers

You could only analyze malware mining from known pools. Browser mining and independent botnets remain hidden from this analysis. The numbers mentioned are therefore the lower limit of malware activity in the Monero network. The intransparent block chain makes it difficult to get far-reaching conclusions about network activity. Currently, about 8 percent of the Monero Hashrate comes from unknown sources.

image by shutterstock