Study Finds 4 Percent of Monero Mined with Malware over the Last 12 Years
Researchers at Universidad Carlos III de Madrid and King’s College London have found that from 2007 to 2018, around $57 Million of Monero was mined via. Malware, January 3, 2019.
Background of the Study
The joint study co-authored and compiled by two researchers was published January 3, 2019, and it states that four percent of the Monero mined over the last decade was done by the use of malware bots.
The study was carried out through an analysis of 4.4 million malware samples finding that one million of them were used to mine Monero from their hosts.
The one million malware strains were then analyzed over a 12 year period from 2007 to 2018. During this time, the scientists looked out for indicators of compromise and also made use of static and dynamic analysis techniques to extract information from malware strains.
Some of the information gathered included the crypto addresses and mining pools form which funds were funneled through.
After collection, the data was then analyzed and the previous payments used for each Wallet was used to track down the groups behind the activities. The groups were categorized by the similarities in approach and wallets and mining pools that were used.
When the information was further examined, it was discovered that while a variety of currencies were mined, Monero was by far the most popular among cyber-criminals. In total, about 4.32 percent of all Monero coins were mined by crypto-mining malware botnets. The amounts earned as a result of the use of the malware botnets is hardly insignificant.
The paper writes:
“Although this depends on when criminals cash-out their earnings, we estimate that the total revenue accounts for nearly [$57 million]”
There was also a recorded disparity in the success rates of different types of malware; cyber-criminals who rented their malware had significantly greater success rates than those who built their malware from scratch, which is telling of how sophisticated malware technology has become. Those who do build their own malware also tend to do so around the xmrig open source tool.
There is a preference amongst these botnet groups in the deployment of their malware, regardless of whether they are bought or built and the biggest source of addresses for cyberspace-criminals trying to cash out their malware. Namely, the site crypto-pool.fr was used to cash out $47 million in total.
Why is Monero so Popular?
The popularity of Monero being used for cybercrime cannot be ignored as it extends past both malware deployment and far more egregious crimes such as kidnapping.
The reason for this is that Monero is an untraceable currency, making it ideal for real-life crimes and Monero mining is less difficult than mining Bitcoin-based cryptocurrencies which makes the use of malware to target Monero much easier.