GitHub becoming a repository for crypto malware

There has been a lot of discussion over the past several months about the amount of Monero that is being siphoned off through cryptocurrency malware. A new study digs deeper into the subject and reveals that the majority of the illicit operations have their footing in a central location – GitHub.

Researchers from the Universidad Carlos III de Madrid in Spain and King’s College London have put together a report showing that crypto-mining malware has allowed thieves to get away with 720,000 XMR tokens. This amounts to around 4.30% of the total circulating supply and could be worth an estimated $57 million. They also point out that most of the malware has been hosted on GitHub.

The report was also able to determine the destination for the bulk of the XMR mining malware. According to the researchers, most ended up in a single crypto mining pool, crypto-pool. Members of the pool have, to date, mined a minimum of 435,689 XMR, or roughly $47 million.

When stealing computing power to conduct illegal crypto mining operations, hackers can direct the digital currency either to a mining pool or to their own wallets. By sending to a mining pool, there are better odds that mining payments will be received since large mining pools typically receive more blocks to mine. The use of a mining pool also reduces the dependency on special or expensive mining equipment.

In total, there were 2,472 cryptojacking campaigns, with almost all of them – 99% – earning under 100 XMR. The researchers added, “We also observe that while majority of the campaigns earn very little, there are a few campaigns overly profitable. This indicates that the core of this illicit business is monopolized by a small number of wealthy actors.”

GitHub and Dropbox, a file-sharing service, were the two most common sources of the malware. The researchers explain that the hackers will use variations of Trojan horses that force the target to download and install the malware. They stated, “We observe that GitHub is the most popular site used to host the crypto-mining malware. This is because GitHub hosts most of the mining tools, which are directly downloaded — for malicious purposes — by droppers. Additionally, GitHub is also used to host modified versions of the miners (e.g., by removing the donation capabilities or adding further capabilities).”

GitHub and Dropbox aren’t alone, however. The researchers also indicated that malware was found hosted on Bitbucket, Google, Amazon Web Services, as attachments on Discord channels and as torrents.
