Malware groups are estimated to have raked in at least US$97 million (A$128 million) from Monero cryptocurrency miners that have been added to their code.
Research by Palo Alto Networks showed a steep rise in malware samples being detected by the company through 2018 that contained some form of cryptocurrency miner.
Just under 90 percent of mining malware samples the company analysed targeted the Monero virtual coin, with bitcoin the second most desirable coin, targeted by 8.5 percent of malware samples.
The figures mean that “around five percent of all the Monero currently in circulation - 15,962,350 XMR” - has been mined using code running on infected devices.
While mining Monero through malware has overall been lucrative, it appears to be hit-and-miss for malware writers themselves.
The researchers said as many as half of all wallets tied to malware campaigns “have been unable to generate any meaningful amount of Monero”.
Though this was “likely due to the malware being unsuccessful”, the researchers noted that the malware’s financial successes could just be well hidden.
Only 10 percent of wallets analysed by the researchers took in 100 XMR or more (US$12,207 or A$16,117 based on current exchange rates).
Only 4 percent of all wallets saw more than 1000 XMR, and just 0.68 percent of wallets had a balance of over 10,000 XMR.
Palo Alto Networks noted that stopping cryptocurrency mining malware continued to be challenging.
“Defeating cryptocurrency miners being delivered via malware proves to be a difficult task, as many malware authors will limit the CPU utilisation, or ensure that mining operations only take place during specific times of the day or when the user is inactive,” the company said.
“Additionally, the malware itself is delivered via a large number of methods, requiring defenders to have an in-depth approach to security.”
Earlier this year, server administrators were warned that cryptocurrency mining malware was being targeted at Windows and Linux boxes.