Cryptominers were the most common malware threat in 2021

An abstract image of digital security.
(Image credit: Shutterstock) (Image credit: Shutterstock)

Stealing sensitive company data might make headlines, but many cybercriminals still prefer installing cryptominers on compromised endpoints for quick, easy, and relatively harmless profit, new research has suggested.

A report from Atlas VPN and Trend Micro found cryptominers were the top malware family in 2021, with exactly 150,909 detections over the course of the year.

“Mining” cryptocurrencies such as bitcoin, or ether, requires heavy computational power, an active internet connection, and plenty of electricity. Crooks have learned of ways to install cryptocurrency miners on compromised devices, and have all the proceedings sent to their private wallet address.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Targeting businesses

Besides raking up the electricity bill for the victim, a cryptominer will often render the device unusable. 

Threat actors most often targeted information and communication businesses with malware, discovering 561,753 malware files in emails sent to employees in the industry. Retail was second, with 397,072 weaponized emails sent, followed by the construction industry, with 356,952.

At the bottom of this list were the finance and manufacturing industries, receiving “just” 198,408, and 188,373 malware files, respectively.

Despite the relative popularity of cryptominers, they’re far from being the only virus being distributed around. Web shell scripts, which allow attackers to access sensitive content, or set up a ransomware attack, were detected 149,290 times. 

The Ulise malware accounted for 145,321 detections in 2021, followed by WannaCry with 97,585 detections. 

“Malware attacks enable attackers to profit off businesses simply and efficiently. Companies that become victims of cyberattacks often become vulnerable to data theft, hijacking, and other similar cyberattacks in the future,” commented cybersecurity writer at Atlas VPN, Vilius Kardelis.

“By employing good cybersecurity practices and applications, businesses can mitigate malware attack risks.”

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
Cybercrime gang targets victims with "triple threat" attacks
Android phone malware
Over 25 new malware variants created every single hour as smart device cyberattacks more than double in 2024
Hands typing on a keyboard surrounded by security icons
Infostealers on the rise: the latest concern for organizational defenses
Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Latest in News
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone&#039;s hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI