China nabs crypto thieves who use social media plug-ins to steal computing power for bitcoin
Authorities in Shandong province have arrested 20 individuals for hijacking 3.89 million personal computers as part of a rogue cryptocurrency mining operation, running since 2015, that netted more than 15 million yuan (US$2.26 million).
Computer technicians at Tencent, China’s biggest gaming and social media company, first discovered the malware embedded in software designed to enable online gamers to cheat, alerting authorities in January, according to a report posted on the Shandong government’s media site.
The malicious programme surreptitiously used the host computer to mine virtual currencies such as DigiByte, Decred and Siacoin without the knowledge of the owner.
One of the suspects, surnamed Yang, worked at Dalian Shengping Network Technology. Yang allegedly cloned popular website iqiyi, a Chinese Netflix-style video streaming service controlled by search giant Baidu, and sold the fake subscription at internet cafes, pocketing over 200,000 yuan.
Yang also created free downloadable plug-ins which he distributed through chat groups and public forums to gain control over users’ computers, according to the report.
Since October, Yang had accumulated 8,551.9 Hshare, a form of digital currency, which was worth around 42 yuan per coin, according to police.
The owner of Dalian Shengping and its employees installed the Trojan horse-style mining programme in 3.89 million computers, eventually using 1 million servers to mine 26 million units of DigiByte, Decred and Siacoin.
Police said the suspects likely targeted lesser known tokens because they are relatively easy to mine and require less computer processing power.
It is not clear how the cryptojackers were intending to dispose of the improperly mined tokens, as China ordered all domestic cryptocurrency exchanges to close and halted sales of initial coin offerings since September in a bid to stop speculation and scam fundraising activities. China allows platforms that support digital wallets, enabling storage of cryptocurrencies.
The hijacking of computers with intent to mine cryptocurrencies, dubbed cryptojacking, involves tricking computer users into downloading random software, according to Leonhard Weese, president of Bitcoin Association Hong Kong, who advises on bitcoin, blockchain and information security.
Ordinary computer users are easy targets because they don’t regularly check up on their servers, which may be scanned by hackers for vulnerabilities.
Computers that have been infiltrated are likely to operate more slowly when mining operations are underway. Unsuspecting hosts also were saddled with higher electric bills to run the rogue mining operations.
“If it’s done cleverly, then the software will only mine with excess capacity and you won’t notice from the outside,” said Weese.
There have been increasing instances of cryptojacking in the wake of the growing popularity of bitcoin and other virtual currencies as an asset class for mainstream investors, according to a report by cybersecurity firm Digital Shadows released earlier this year.