The gold rush that cryptocurrencies have created attracted not only the attention of institutional investors but also hackers that wish to get away with hefty sums under the cover of anonymity.

Symantec sees a pattern here, looking back at how the incidence of cryptocurrency mining malware has increased over this year.

“We expect that we’ll see more and more [hackers] trying to infiltrate ad networks, which are included in many websites,” said Candid Wueest, a threat researcher at Symantec.

He was referring to a new phenomenon known as cryptojacking, in which hackers inject code into otherwise legitimate websites, forcing their visitors to mine cryptocurrency using their own CPUs during their stay.

A more “retro” version of this has hackers and website owners using these scripts in a “pop-under” window so that their visitors mine cryptocurrencies even when they leave the site.

“Defacing a website is fun for some people, but it’s not profitable—this is, and so we think it will increase. With the price of cryptocurrencies rising, [malware] could become more profitable and expand. And quite frankly, it doesn’t cost much—there’s so many content management tools like Wordpress that are vulnerable,” Wueest added.

Symantec considers the prospect an “arms race” that will involve both hackers and cybersecurity companies that are working around the clock to counter their threats.

Perhaps one of the first notorious sites to use this script was The Pirate Bay, which was caught in the middle of September using its visitors’ CPUs to mine Monero through a script offered by CoinHive.

Although one would typically expect hackers to hijack a website’s code for this purpose, The Pirate Bay admitted to testing this script themselves on their site.

“As you may have noticed we are testing a Monero JavaScript miner. This is only a test. We really want to get rid of all the ads. But we also need enough money to keep the site running,” said a statement issued by the popular software and media piracy venue.

For the moment, any normal ad blocker would be able to block CoinHive’s script, but we can expect more sophisticated pieces of malware to slip through the cracks over the next year.