Here are my beliefs
And what if...
1. You've discovered some minor vulnerability, which only may be exploited in extreme conditions, like a miner on a public IP.
2. You've made fuss about it here.
3. You've prepared a malicious software, which when ran on a Windows machine on the same LAN as miner allows
you to take control over miner.
4. Then you, the "benefactor" of the KNC users community, try to sneak your trojan to users and take their miners.
Bullshit? Maybe.
Impossible? Don't think so. Time will tell.
IMHO the best way to deal with the "vulnerability" would be a full, immediate disclosure.
You are right about some parts.
1. If the vulnerability is minor, would KnC upgrade their firmware? It is not just the public IP miners who are in danger
2: If i prepared a malicious software to take control over users miner, would i really opt for an EXE file you think?
Preparing malicious software, and binding it in a simple PDF file, where i claim to describe the method would be far more efficient for that purpose.
People are not suspicious about a PDF, and they need to open it anyway.