In my opinion it varies too greatly to be malware. Various OSes, software and routers. It's possible that if they use similar software for it to be exploited, but I'm unaware of whether they use custom or off-the-shelf solutions. But MITM attacks have been very popular lately.
DNS hijacking seems unlikely, as that's a pretty massive thing to implement, and if you have that ability you're probably going after bigger fish.
As far as I know, CM and WP are the two largest profit switching pools. So who are bigger fish that I'm unaware of?
But since it can be any network-connected device that was infected and remotely controlled the mining machines, there could be a common OS between all infected networks. I agree that it seems unlikely, but Occam's razor here. The rest of the options seem more unlikely.
In regards to DNS hijacking - if you can do that, you're probably going to go after email systems, banking or credit card, or actual websites including hosted wallets. It's like being given a space-based laser and using it to open your can of tuna :-)
Right, but going after banks would be much harder with higher chances and consequences for being caught. Hijacking mining services are unique, they are very new and a lot less tried and tested than banking systems. With mining services, they can reap large monetary gain with little chance of federal law enforcement. BTW, you also assume the ones responsible aren't also attacking the other services.
As far as the common factor in all the scenarios would be the routers, as all of them out of the box suck security-wise. Usually running an old outdated Linux kernel. But how would the attacker pick random IP addresses for such an attack?
BTW this quoting system sucks