Too Long; Didn't Read
While there has been plenty of speculation, so far there is no way to study the origin of Monero’s 77% unknown hashrate. Certainly some portion is due to typical miners in unknown pools, and some portion is due to botnets. “Botnets” are collections of devices that have been exploited to mine and export Monero in the background, unbeknown to the device owner. Many instances have been documented, [<a href="https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators" target="_blank">Kafeine 2018</a> & <a href="https://threatpost.com/new-monero-crypto-mining-botnet-leverages-android-debugging-tool/129777/" target="_blank">Kanaracus 2018</a>] however the overall scale of botnet mining is entirely uncharted. Furthermore, it is possible that specialized machines called ASICs (more in the next section) have been secretly producing a large portion of the hash power, however this was typically thought to be unlikely for Monero.