Monero has caused a little storm in the headlines of late thanks to a piece of malware mining it in secret on Android devices. The malware, which was first spotted by security software company Malwarebytes, redirects users to websites that tap into a device’s processing power to mine the Monero cryptocurrency.
The malware itself was first discovered on Windows PCs and Google’s Chrome OS and would redirect users to tech support scams. When investigated on mobile, the same malware took people to cryptomining pages.
The mining pages only contained a CAPTCHA code and, until the user successfully filled in the CAPTCHA, the site would mine Monero (XMR) at full kilter. It’s estimated that of the five domains Malwarebytes identified, around 800,000 visitors landed on those pages each day. On average, visitors would spend around four minutes on the site mining Monero.
In terms of monetary value, it’s hard to really pin down exactly how many XMR coins the hackers are actually earning. Malwarebytes estimates it’s only a few thousand dollars a month but, due to the fluctuations in cryptocurrencies value, that could shoot up to hundreds of thousands or millions in a very short space of time.
But what, exactly is Monero and should you really be worried about it?
In essence, there’s nothing inherently wrong with Monero, it’s the mining you need to be concerned about. As Malwarebytes states, you need to make sure you’re running the same security tools on your mobile devices as you do on your PC. It’s a portable computer, and can be used as such. Unwanted cryptomining isn’t just a nuisance, it could permanently damage your device through overheating and battery drain.
Interestingly, media outlet Salon has also begun to use Monero mining as a means to supplement lost ad revenue from ad blockers, as The Financial Times reports. Those who visit the site with an ad blocker enabled are offered the option of either disabling the blocker to view content or to “Suppress Ads” by mining cryptocurrencies with your “unused computing power”.
The feature, which is still in beta, is designed to make back the money lost through ad blockers. While it may negatively impact a user’s device performance, as it’s an opt-in system instead of an unwarranted process, users know what they’re getting themselves into.
What is Monero?
For those wondering what Monero is, and if it’s actually a cause for concern, you can rest easy knowing that it’s essentially like any other cryptocurrency out there.
Monero itself poses you little to no risk. It promotes itself as a “private digital currency” that’s “open-source and accessible to all”, but it doesn’t do the mining. It’s likely the mining found in the malware programme and on Slate come from a service similar to Coinhive’s tech that hackers used to hijack YouTube ads and government websites.
Interestingly, and one reason hackers may have picked it over any other type of currency to mine, Monero is actually close to gold in how it works. Because Monero is untraceable and entirely secure, it has fungibility that Bitcoin and many other cryptocurrencies lack.
Fungibility, as described by Wikipedia, is an economic term meaning that the individual units of a good or commodity are completely interchangeable. That may seem like every currency in the world is fungible but, in reality, no two £10 are the same thanks to their unique serial numbers. This means that, if some money was stolen or used for illegal purposes, you could trace its history and find out that it was obtained illegally or spent illegally. The same is true of Bitcoin, where every bitcoin transaction logged on the blockchain is given a unique ID and can have its entire history traced.
Monero, on the other hand, doesn’t have individual serial numbers attached to its coins. It revels in allowing its users complete privacy and so it’s treated like a traditional commodity like gold. This means nobody will know if an individual Monero coin was stolen from someone else and spent on drugs. In the eyes of Monero’s creators, this means you won’t find yourself in a situation where your Monero transaction is refused because you happened to end up with a set of coins that have an illegal past – as a lot of early Bitcoin tends to.
Monero is also pretty much completely untraceable. It still uses a blockchain to log transactions, but it obfuscates origins by making use of ring signatures, confidential transactions and stealth addresses to build an untraceable web. Basically, if you want to spend your Monero on something dubious, nobody will know who bought it, what was bought or where it was bought from.
While this certainly all sounds rather sketchy, Monero positions itself as the cryptocurrency without any of the concessions around privacy that many users feel are unnecessary.