>If these cryptojackers were to mine Bitcoin or Ethereum, their transaction details would be open to the public, making it possible for law enforcement to track them down<p>That doesn't actually matter at all. Monero is used for these purposes probably just because it's mineable only on CPU, thus viable to mine on ordinary hardware. (Bitcoin requires an ASIC and Ethereum a high-end GPU.)
My employer does a pretty good job of giving us terrible hardware so the thought of mining on it is self-discouraging.<p>They have no problems giving us space heaters though.<p>As largely a joke, I sometimes fire up monero mining on my laptop at home because the average proceeds exceed electricity cost, even though it’ll take me about a decade to ever get a block. The heat is just cake icing.
I feel bad about this because I wrote an article[0] about how to hide Monero miners on Linux systems. Sometimes I ask myself if I should unpublish it, as some of the criminals doing this type of attack probably found it helpful.<p>[0] <a href="https://alfon.xyz/posts/hiding-cryptominers-linux" rel="nofollow">https://alfon.xyz/posts/hiding-cryptominers-linux</a>
Overheard this from HPC people: 'it's easy to detect cryptominers on the system, it's the only software that uses the nodes efficiently'
Title is somehow misleading. This is not about uncovering Monero users in the wild and exposing those who are criminals, as I first believed when reading the title. This is about detecting an unwanted Monero miner on your system. But if you're already pwned such that an unwanted process is already running on your system, a Monero miner is the least of your worries.
Now they just need to do it with the chip's EM signature like in that PoC a few weeks ago...<p><a href="https://hackaday.com/2022/01/19/identifying-malware-by-sniffing-its-em-signature/" rel="nofollow">https://hackaday.com/2022/01/19/identifying-malware-by-sniff...</a>