Lately the same mining tool that appeared on Showtime’s website has been showing up all over the Internet. Released just last month by a company called Coinhive, the tool is supposed to give website owners a way to make money without displaying ads. But malware authors seem to be among its most voracious early adopters. In the past few weeks, researchers have discovered the software hiding in Chrome extensions, hacked Wordpress sites, and even in the arsenal of a notorious “malvertising” hacker group.

Coinhive’s miner isn’t the only one out there, and hackers are using a variety of approaches to hijack computers. Kaspersky Lab recently reported finding cryptocurrency mining tools on 1.65 million of its clients’ computers so far this year—well above last year’s pace.

The researchers also recently detected several large botnets set up to profit from cryptocurrency mining, making a “conservative” estimate that such operations could generate up to $30,000 a month. Beyond that, they’ve seen “growing numbers” of attempts to install mining tools on servers owned by organizations. According to IBM’s X-Force security team, cryptocurrency mining attacks aimed at enterprise networks jumped sixfold between January and August.

The researchers say that hackers are especially attracted to relatively new alternatives to Bitcoin, particularly Monero and zCash. That’s probably in part because these currencies have cryptographic features that make transactions untraceable by law enforcement (see “Criminals Thought Bitcoin Was the Perfect Hiding Place, but They Thought Wrong”). It’s also because hackers can generate more profits mining these newer currencies than they can with Bitcoin. Bitcoin-mining malware was extremely popular two or three years ago, but the currency’s popularity has, by design, made it more difficult to mine, warding off this kind of attack. Hackers are now embracing newer, easier-to-mine currencies.