Nearly 800,000 Monero (XMR) Mined Using Malware To Date
A Palo Alto Networks study has found that among 630,000 samples of cryptojacking malware, 530,000 were used to mine Monero (XMR), while 53,000 targeted Bitcoin (BTC) and another 16,000 targeted Cryptonite (XCN).
One of the researchers in the study, Josh Grunzweig, was also able to determine the value of Monero that had been mined using malware. Rather than querying the blockchain, Grunzweig queried the mining pools.
According to Grunzweig, nearly 800,000 XMR has been mined this way to date, which represents about 5% of all the XMR in circulation. The study also revealed that the attackers involved in the Monero cryptojacking efforts used about 2% of all the network's hashing power available across the globe.
Though mining Monero with malware has been found to be lucrative, it has also been a hit-and-miss affair for the developers of the software. According to the researchers, about 50% of all the wallets tied to the malware campaigns were unable to mine a meaningful amount of the privacy-oriented virtual currency. The researchers noted that this could partly be a result of the malware being unsuccessful, though it was also possible that the bad actors were hiding their financial success.
Per the researchers, only around 10% of the wallets netted 100 XMR or more. Additionally, only 4% of these wallets contained over 1,000 XMR, while a mere 0.68% contained more than 10,000 XMR.
The researchers noted that stopping digital currency mining malware is a challenging task, since most of the malware is designed to limit CPU utilization in order to avoid detection. Also, the mining operations are only carried out during periods when a user is inactive.
Amazon Fire TV
Recently it was discovered that Android malware had been built for mining Monero on the Amazon Fire TV stick. Known as ADB.miner, the malware has been able to proliferate due to the presence of a developer feature in the Android OS called Android Debug Bridge, which allows developers to communicate with the device and execute commands on it remotely without requiring authentication. The debug feature is normally dormant, as it is supposed to be turned off.
Devices that have been infected with the malware normally display an app known as 'test', which pops up and interrupts media streaming as the mining of the virtual currency starts. The presence of the malware first became public two months ago on the forum of Android developers. Not all Amazon Fire TV devices are vulnerable, as the problem usually happens when sketchy apps are sideloaded and Android Debug Bridge is turned on in the process.
According to Kevin Beaumont, a cybersecurity researcher based in the United Kingdom, those Amazon TV sticks which have been modified to ship with the open source media player Kodi are the worst hit. Once a device has been infected with the malicious code, the malware also attempts to spread to other Android devices and not just Fire TVs.