Monero Malware WorkGroup Established to Fight Back Against XMR Cryptojacking

  • The Monero Community has condemned widespread attacks where malicious actors mine XMR using the computing resources of unsuspecting users.
  • The Monero Malware WorkGroup has been established to provide users with the necessary tools and resources to protect themselves from cryptojacking.

The developers of Monero (XMR) recently condemned the widespread “crypto malware campaign” involving the privacy-oriented digital currency. XMR has been increasingly mined by hijacking the computing resources of unsuspecting users.

In a September 26 blog post, the Monero community wrote:

[We] condemn this malicious, non-consensual use of equipment to mine (XMR) … The Monero community does not want to sit idly by as victims struggle to understand the impact of mining and ransomware.

Monero Community

Monero Malware WorkGroup

In order to address the growing threat and damaging effects of stealing the computing power of numerous users to selfishly mine XMR, the Monero community will reportedly establish the Monero Malware WorkGroup.

The WorkGroup will consist of volunteers who “maintain resources and provide live support” via the crypto’s official Slack channels, Riot/Matrix, Mattermost, and Freenode. The Monero team has also encouraged everyone to join their communication network in order to help out.

Monero’s workgroup aims to provide the necessary tools and assistance for protecting users against security threats such as cryptojacking and various other intrusive attacks carried out by using malware programs.

"Providing The Necessary Education"

The aim of Monero’s cybersecurity campaign is to “provide the necessary education for people to better understand Monero, what mining is, and how to remove malware.” The cryptocurrency’s developers acknowledge that they will not be able to completely “eliminate malicious mining”; however, their efforts may significantly help reduce the adverse effects of cyberattacks.

As covered on CryptoGlobe, a security vulnerability in MikroTik’s carrier-grade routers in Brazil and Moldova had been exploited by a group of hackers to maliciously mine XMR. The privacy-focused cryptocurrency was reportedly mined via “hundreds of thousands” of affected routers throughout the world.

Also as CryptoGlobe reported, a “burning bug” found in Monero’s codebase was recently patched. The bug, which was discovered after a Redditor described it using a hypothetical scenario, would have allowed an attacker to “burn” or destroy XMR belonging to an organization’s wallet. The attacker would also have been able to engage in double spending, which is a flaw that lets users spend the same digital currency twice.

Bitcoin Ransomware Targeting Google Adsense Users

Michael LaVere
  • A new crypto ransomware scam is targeting users of Google's AdSense.
  • Website owners are being threatened with bot traffic unless they pay a bitcoin ransom.

A new email-based form of crypto ransomware is targeting website owners using banners from Google’s AdSense program. 

According to the report by KrebsOnSecurity, the scam involves criminals threatening site owners with a flood of bot and junk traffic meant to trigger Google’s automated anti-fraud system, leading to the suspension of their AdSense account for suspicious traffic. The fraudsters demand a ransom paid in bitcoin in exchange for sparing the site owner the potential loss of AdSense revenue. AdSense is a Google program allowing website owners to run ads on their platforms.

The report cites an unnamed website owner targeted by the scam, who shared an excerpt from the ransom email:

This will happen due to the fact that we’re about to flood your site with huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP’s in rotation — a nightmare for every AdSense publisher.

The message continues:

This means that the main source of profit for your site will be temporarily suspended. It will take some time, usually a month, for the AdSense to lift your ad ban, but if this happens we will have all the resources needed to flood your site again with bad quality web traffic which will lead to second AdSense ban that could be permanent!

Google told KrebsOnSecurity that the scam is a “classic” threat of sabotage, and that the company has “extensive” tools in place to protect websites against invalid traffic. 
