![monero crypto web miner](https://www.cointiko.com/wp-content/uploads/2018/04/monero-2-1030x1030.png)
One of the top malware trends in recent months has been the stellar growth of crypto-mining malware. Of the various crypto-currencies, the one most prominently targeted by illegal mining malware is Monero, a crypto-currency that can be profitably mined on commodity hardware such as laptops and workstations. Moreover, a related trend observed recently is that of laterally moving malware which, as its name suggests, moves between devices to execute its payloads in a variety of different ways. This malware, used in attacks such as WannaCry, NotPetya and BadRabbit, uses techniques such as encrypting hard drives with ransomware while also deploying Monero miners.

As Darktrace regularly detects crypto-mining attempts the moment they occur on a network, we can estimate the cash flow stream a cyber-criminal earned on a laterally moving Monero-miner infection that Darktrace identified. Last month, a customer’s device – which we will call patient zero – became infected with a Monero-miner. After a short time, patient zero started looking for accessible SMB drives by scanning the internal network for devices on port 445. As the device had not conducted any network scanning activity in the past, Darktrace flagged the process as an unusual network scan and an anomalous SMB enumeration:

![monero crypto web miner](https://i.ytimg.com/vi/GkZiNdp67Zs/maxresdefault.jpg)

Using Darktrace, the security team identified the infection within minutes and assessed the complete extent of the infection in less than an hour. Within three hours from initial detection, the security team had run a clean-up script on their network which stopped the spread.

We have estimated the hypothetical revenue for this particular attack. To make the mining less detectable, some of the current Monero-mining malware applies restrictions to both the number of threads that can be used and the maximum CPU usage capacity. As a result, we have estimated the figures below on a worst-case scenario basis. We know that 300 machines were infected and that the Monero miners were running for around 4 hours.

Mining profitability is commonly measured in the number of hashes calculated per second per CPU core or GPU. This number, known as hashes per second (H/S), can differ based on the hardware used. A common number on the lower end of the scale for H/S on a single CPU is 20 H/S for the CryptoNight algorithm used to mine Monero. GPUs, being more efficient for the CryptoNight algorithm, can yield 2-3x the H/S rate of CPUs and beyond. Keeping with a worst-case scenario basis, we will assume all infected devices had only 2 CPU cores and no GPUs, meaning a single infected machine yielded 40 H/S. This leads us to the following calculation: 300 infected devices x 40 H/S = 12000 H/S.

A Monero-mining revenue calculation tool produced the following results: with a Monero price of $202.43 at the time of infection (disregarding electricity costs), the criminal would have earned roughly $15.85 in 24h. As the miners only ran for around 4 hours, the resulting revenue would have only been $2.64.

So how is this profitable? It’s a numbers game

Cryptocurrency-mining operations are designed to last for months, not hours. If this infection had gone undetected, the criminal would have earned $15.85 per day, or $475.62 per month. Furthermore, victims with larger networks are much less likely to notice the infection. As attacks spreading this kind of malware are often indiscriminate in nature, they will often hit thousands of organizations at the same time, giving them the capacity to generate much more than just half a dollar.

A Single Monero Mining Pool Commands 44% of the Network’s Hashrate, Monero Community Members Debate Issue, Pool Admin Addresses Concerns

Reports indicate that the Monero community is upset about a specific mining pool that currently commands 44% of the network’s hashrate. Supporters are asking mining participants to leave a mining pool called Minexmr as they believe the operation threatens decentralization. At the time of writing, according to statistics stemming from the web page, the mining operation Minexmr commands 44.084% of the network hashrate.