Cryptojacking malware activity rose a staggering 629 percent in the first quarter of 2018, according to a new report published by cyber security firm McAfee Labs June 27.

Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

The McAfee Labs Threats Report for June detected over 2.9 million known samples of coin miner malware in Q1 2018 – a 629 percent rise from around 400,000 samples the previous quarter. As per the report:

“This suggests that cybercriminals are warming to the prospect of monetizing infections of user systems without prompting victims to make payments, as is the case with popular ransomware schemes. Compared with well-established cybercrime activities such as data theft and ransomware, cryptojacking is simpler, more straightforward, and less risky.”

As the report explains, by infecting “millions of systems,” criminals can surreptitiously monetize their attack using a mining malware that needs no middleman, requires minimal effort and runs the “least risk of discovery.” As malware develops, attackers are showing “remarkable level[s] of technical agility and innovation.”

According to an earlier McAfee study, coin miner works by using Coinhive code – a program created to mine Monero (XMR) via a web browser, and marketed to website owners as an alternative form of monetization, instead of online advertising. A report earlier this month found that around 5 percent of all XMR in circulation has been mined maliciously through cryptojacking, a figure that was noted to likely be “too low.”

Also this month, a cybersecurity team discovered that 40,000 devices across various industries – including finance, education, and government – had been infected by an XMR miner as part of a hybrid malicious traffic manipulation and crypto mining campaign. In Japan, police recently arrested 16 individuals suspected of involvement in an ongoing criminal case of cryptojacking.