What's the story?

Monero is a cryptocurrency designed to keep users anonymous and known to be highly resistant to transaction analysis by law enforcement. It is rapidly becoming the cryptocurrency of choice in the cyber-criminal underground economy. Monero is also extremely popular with operators of miner malware—like WannaMine—malware that infects personal computers and uses the spare processing power to “mine” cryptocurrency—because of its low difficulty rate, compared to other cryptocurrencies of similar value.

Download the threat analysis technical report [PDF].

What does it mean?

Monero is popular and easy to mine. It was initially positioned as a major competitive alternative to Bitcoin. Its popularity is actually due in large part to the demand from the criminal underground. In 2016 administrators of the now defunct criminal marketplace AlphaBay attempted to manipulate the price of Monero, encouraging mass buying of the currency. This pushed Monero into the cyber criminal mainstream. Monero’s capabilities are now being promoted as part of the suite of criminal malware available on the black market. It is also believed it is being used by state-sponsored cyber operations groups affiliated with North Korea attempting to avoid sanctions. Organizations in all industries should take note because they may have to deal with miner malware, or other types of criminal probing/hijacking attempts related to Monero. Financial Services and Government Agencies in particular may have already been affected.

What can you do?

To reduce the risks and impact of Monero miner malware on your organization, security teams should:

  • Monitor system performance of hosts with business IT network environments to detect unusual rises in CPU or GPU use—or performance degradation
  • Monitor outbound network communications to known Monero mining pools
  • Monitor for cryptocurrency wallet and mining pool addresses in host process memory via endpoint detection and response (EDR) tools


Accenture Security

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence.  Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.

Copyright © 2020 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks

Joshua Ray

Managing Director – Accenture Security

Subscribe to Accenture's Cyber Defense Blog Subscribe to Accenture's Cyber Defense Blog