The Monero coin is most often mined through hidden mining.

Malware researcher Josh Grunzweig of Palo Alto Networks has identified 470,000 unique malware samples that covertly mine coins on other people's computers. 84 percent of these samples are aimed at mining Monero (XMR).

The researcher decided to find out how many malware have been identified on Palo Alto Network's WildFire platform over time. As a result, he collected 629,126 malware samples and analyzed 3,773 emails that were used to connect to mining pools. Grünzweig found links to 2,341 Monero wallets; 981 Bitcoin (BTC) wallets; 131 Electroneum (ETN) wallets, 44 Eteight (ETH) wallets and 28 Litecoin (LTC) wallets.

Monero was mined through 531,663 programs. The profit of the attackers from such mining amounted to almost $144 million. Almost all of these pools allow you to anonymously view statistics based on the wallet as an identifier. This anonymous browsing is intentional because it allows you to anonymously connect and use different mining pools without entering any personally identifiable information.

By checking the eight largest installations according to 2,341 Monero wallet addresses, the researcher was able to determine exactly how many Monero coins had been mined over time. By looking at the mining pools themselves, rather than the blockchain, we can tell exactly how many coins were mined, without taking into account coins that came into wallets from other sources. 

Detecting mining pools installed through malware is challenging, as many malware authors limit CPU load or only mine at certain times when the user is inactive. In addition, the malware itself is installed using a variety of methods.

Palo Alto Networks customers have a number of tools at their disposal to combat this threat on their networks, including Wildfire traps and detection systems. In addition, you can use special applications that determine the activity of cryptocurrency transactions.

According to cbronline