Monero recently upgraded its network, keeping in line with its constant efforts to steer clear of ASIC centralization. One of the major network upgrades included the shift of the mining algorithm from CryptoNightR to RandomX. The new algorithm not only puts ASIC miners at a disadvantage but also limits GPU mining to an extent. The main aim of the algorithm shift was to give CPU miners the upper hand, considering it was more egalitarian, and thereby ushering even distribution of computational power.
Along with making mining more decentralized, RandomX is also expected to decrease botnets and malware mining since it’s memory-hard. Botnet and malware mining has for long plagued the Monero community, even drawing the attention of regulatory authorities.
One of the latest in this series was Stantinko botnet, which according to We Live Security, has been mining Monero “since at least August 2018” and was reported to have mined over $2.3 million worth of Monero. Notably, a report by Bloomberg stated that French police “located and dismantled the pirate server” of a botnet used for mining Monero, earlier this year in August.
On being asked whether there’s going to be an increase or decrease in mining bots, during the latest session of Monero talk, Howard Chu, CTO of Symas Corp., said,
“[…] the numbers really aren’t going to change that much […] if anything is out there that’s so old that it’s got less than 4 gigs of RAM, it’s not going to be running a RandomX miner anyway […] there’s a good case to be said that the size of mining bots on RandomX will be smaller than it was before […]”
Meanwhile, Justin Ehrenhofer pointed out that there was now a RandomX malware sniffer, with which end users can detect whether or not there was a RandomX malware in their computers. With the sniffer in the picture, Ehrenhofer added that mining malware had to be 1-5 percent effective compared to what it used to be, or had to “modify the entire operating system.”
Subsequently, Jethro Grassie, developer and contributor of Monero, stated that since there was a requirement of 2 GB RAM it would be “pretty difficult to hide” the mining process. He further stated that there hasn’t been “any evidence to suggest that [mining malware and botnets are] significant, adding “I don’t see anything with RandomXthat suggests that number is going to grow.”
As to whether mining malware/ botnets are something to be concerned about, Ehrenhofer stated that it depends on how it’s defined. In terms of “really strict Monero perspective,” it was not a problem, nevertheless, it was related to Monero.
“If you mean Monero’s problem in terms of the network; no, it’s not really Monero’s problem, most likely assuming that you don’t have a single enourmous malicious botnet that actually does a successful attack […] in terms of the optics surrounding Monero, it could be Monero’s problem […] group of people dedicated to preventing mining malware and having made antivirus that catches it […]”