Almost a third of U.K. businesses said they had been hit by cryptocurrency mining malware within the previous month, according to new research.

In a survey published by Citrix, almost 60 percent of responding companies further indicated they had found mining malware on their systems at some time in the past, with the vast majority of those instances (around 80 percent) being in the last six months.

As reported by ZDNet, the research also found that 60 percent of afflicted firms said less than 50 computers had been infected, while a tenth said over 100 machines had likely hosted illicit mining code.

Crypto-mining malware, which has ballooned in popularity among cybercriminals since last year, is hidden software that infects victims’ devices, harnessing their processing power to mine cryptocurrencies. Mining code can also be concealed within websites to tap visitors’ devices for the same purpose.

Recent reports have indicated that while, last year, ransomware was by far the most popular tool in the online bad actor’s box, illicit miners have now taken over and represent around 32 percent of all malware attacks.

Uncovering mining malware is not always easy, either. According to the survey, while network monitoring software discovered the malware in over a third of cases, a similar number were reported by company employees, and 16 percent found the intrusions after devices noticeably slumped in performance.

While the figures emphasize the need for companies to put measures in place to counter the rapidly growing threat of malicious miners, the research suggests that a fifth of firms still have not done so.

Recently, researchers at Kaspersky Labs recently reported that a new form of cryptojacking malware has been spreading across corporate networks in nations including India, Brazil, Colombia and Turkey. The miner “is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers,” Kaspersky said.

Another attack reported this month by security firm Trustwave was found to target MicroTik routers and led to the installation of the Coinhive mining software on over 17,000 devices, largely in Brazil.

Malware image via Shutterstock