Researchers from the Universidad Carlos III de Madrid and King’s College London have analyzed a large data set of over 4.4 million malware samples collected from 2007 to 2018. The researchers quantified the amount of Monero (XMR) that criminals using crypto-mining malware have been able to acquire.

OSINT data and static/dynamic analyses were combined to efficiently extract data from these malware samples, including mining pools and wallet identifiers.

The study’s processing pipeline and measurement methodology – Credits to

The extracted information has allowed the researchers to roughly estimate the profits secured by cryptojacking campaigns, simply by analyzing the public payment records generated as rewards in these crypto-mining schemes.
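The following is an added example, not code from the study or from this page, sketching the two steps described above: pulling wallet and pool identifiers out of strings recovered from samples, then summing payment records per wallet. The sample strings, wallet values, pool hostnames and payment figures are all constructed, and treating one wallet as one campaign is a simplifying assumption.

```python
import re
from collections import defaultdict

B58 = "1-9A-HJ-NP-Za-km-z"  # base58 alphabet used by Monero addresses
# Standard Monero address: 95 base58 characters starting with '4'.
WALLET_RE = re.compile(rf"(?<![{B58}])4[{B58}]{{94}}(?![{B58}])")
# Pool endpoint in stratum URL form (assumed format of the recovered strings).
POOL_RE = re.compile(r"stratum\+(?:tcp|ssl)://([A-Za-z0-9.-]+):(\d{1,5})")

def _wallet(seed):
    """Constructed 95-character placeholder, not a real address."""
    return "4" + seed * 94

W1, W2 = _wallet("A"), _wallet("B")

# Constructed strings, as static/dynamic analysis might recover them.
SAMPLES = {
    "sample-001": f"miner.exe -o stratum+tcp://pool.example.org:3333 -u {W1} -p x",
    "sample-002": f'{{"url": "stratum+tcp://pool.example.org:3333", "user": "{W1}"}}',
    "sample-003": f"-o stratum+ssl://xmr.example.net:443 -u {W2}",
    "sample-004": "no miner configuration in this sample",
}
# Constructed per-wallet payment records, amounts in XMR.
PAYMENTS = {W1: [1.5, 0.25, 2.0], W2: [0.75]}

def extract_indicators(text):
    """Return (wallets, pools) found in the strings of one sample."""
    wallets = set(WALLET_RE.findall(text))
    pools = {f"{host}:{port}" for host, port in POOL_RE.findall(text)}
    return wallets, pools

def group_campaigns(samples):
    """Group samples sharing a wallet (assumption: one wallet, one campaign)."""
    campaigns = defaultdict(lambda: {"samples": set(), "pools": set()})
    for sample_id, text in samples.items():
        wallets, pools = extract_indicators(text)
        for wallet in wallets:
            campaigns[wallet]["samples"].add(sample_id)
            campaigns[wallet]["pools"] |= pools
    return dict(campaigns)

def estimate_earnings(campaigns, payments):
    """Sum the recorded payments (XMR) for each campaign wallet."""
    return {w: sum(payments.get(w, [])) for w in campaigns}

if __name__ == "__main__":
    found = group_campaigns(SAMPLES)
    for wallet, total in estimate_earnings(found, PAYMENTS).items():
        print(wallet[:8] + "...", sorted(found[wallet]["samples"]), total, "XMR")
```
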

As of now, crypto-mining malware is estimated to have made at least a 56 million dollar (USD) impact on the Monero market, equating to roughly 4.3%.

Since most security companies regard crypto-mining as a “lower priority threat”, they ignore it and do not pay attention to these malware campaigns. (P.S. – Don’t worry, TriVault does… We prevent your machine’s resources from being mined on.)

Crypto-mining on other people’s machines is a malicious activity. It is commonly done by criminals with malware samples that they spread or inject onto desktops, laptops, servers (they love these), or mobile devices owned by other people, in order to mine cryptocurrency without having to pay for the hardware or the electricity used to mine the currency.

Malicious mining is an extremely profitable exercise

These malware campaigns use either web-based mining tools (drive-by mining campaigns), embedded into websites the criminals have hacked or have uploaded to bulletproof hosts, or a dedicated miner delivered inside a downloaded executable malware file (or multiple files), commonly encrypted so that antivirus suites cannot detect it.

Illicit crypto-mining campaigns allow these actors to effortlessly compete with legitimate cryptocurrency farms, at a much higher rate of profit, since they don’t have to pay for the energy or any of the other resources used.

Previous crypto-mining malware studies – Credits to

Researchers have previously addressed the subject of illicit/malicious crypto-mining, with the 2014 paper “Botcoin: Monetizing stolen cycles” being the first to study it. Its findings were that at least 4500 bitcoins (around $3.2 million USD at the time in 2014) were mined through malware.

Malicious crypto-mining campaigns have been around for a few years now. With crypto prices declining, expect an increase in these operations. This is because crypto-mining is based on difficulty and pool sizes, meaning that with prices being so low, legitimate farms are losing profit margins and competing with large amounts of resources to get a small payout. This will eventually lead to decreased competition, and the cost of energy is only an issue for legitimate miners.