People mine on systems that they do not own. Try leaving SSH open with weak credentials, or use any software with a recently disclosed RCE. It won't be long until somebody drops a Monero miner.

I mean, I've seen ad-block filters for scripts that try to crypto-mine via peoples browsers through ads on websites, so this is hardly surprising.

Perhaps a virus that uses the computers of unaware victims to crypto-mine. If you infect enough people, I guess you'd stand a chance. Not sure if targeting iot would be the best move for that, and the article seems to insinuate that this was mostly iot based malware, so I don't know.

It absolutely is a bad thing. Unfortunately it's not illegal.

Would you mind explaining that opinion?

Yeah, it wastes an amount of electricity of the scale of a smaller country.