Malware researcher Josh Grunzweig of Palo Alto Networks has identified 470,000 unique malware samples that covertly mine coins on other people's computers. 84 percent of these samples are aimed at mining Monero (XMR).
The researcher decided to find out how many malware have been identified on Palo Alto Network's WildFire platform over time. As a result, he collected 629,126 malware samples and analyzed 3,773 emails that were used to connect to mining pools. Grünzweig found links to 2,341 Monero wallets; 981 Bitcoin (BTC) wallets; 131 Electroneum (ETN) wallets, 44 Eteight (ETH) wallets and 28 Litecoin (LTC) wallets.
Monero was mined through 531,663 programs. The profit of the attackers from such mining amounted to almost $144 million. Almost all of these pools allow you to anonymously view statistics based on the wallet as an identifier. This anonymous browsing is intentional because it allows you to anonymously connect and use different mining pools without entering any personally identifiable information.
By checking the eight largest installations according to 2,341 Monero wallet addresses, the researcher was able to determine exactly how many Monero coins had been mined over time. By looking at the mining pools themselves, rather than the blockchain, we can tell exactly how many coins were mined, without taking into account coins that came into wallets from other sources.
Detecting mining pools installed through malware is challenging, as many malware authors limit CPU load or only mine at certain times when the user is inactive. In addition, the malware itself is installed using a variety of methods.
Palo Alto Networks customers have a number of tools at their disposal to combat this threat on their networks, including Wildfire traps and detection systems. In addition, you can use special applications that determine the activity of cryptocurrency transactions.
According to cbronline
You May Also Like
Wall Street Journal: Hundreds of ICOs are scams
A recent study published in the Wall Street Journal on December 27 found that hundreds of cryptocurrency projects show signs of fraudulent activity and plagiarism.
Hacked Facebook accounts are sold on the dark web
The data of each of Facebook's 50 million users, stolen in late September, is being sold on the dark web. After the social network announced the discovered vulnerability, the company hastened to officially announce that it had been fixed and that there was no threat to users. However, this data breach was one of the largest in the history of the social network, and now a fresh Facebook user database has appeared on underground online markets.
