According to the ENISA threat landscape report, one of the emerging cyber threats over the past year is cryptojacking. In cryptojacking, attackers make use of your PC to mine cryptocurrency for them while you browse the web and visit an infected website. As the mining happens within your web browser, the attack can be launched in the background even without you installing any malware.
How cryptojacking actually spreads is by means of compromised third-party software, for example malicious plugins to popular content management systems such as Wordpress, externally hosted libraries such as jquery, as well as malicious code in (pirated) website templates that people download from the Internet. Clever criminals have hidden malicious mining code deeply in many of these, and unsuspecting website owners thus let all of their visitors mine for the criminals' profit. About half of the compromises are driven in orchestrated activity organized in more than 200 campaigns, where the largest actors have about 1000 websites under their control.
To learn more, read the full report or an extended abstract.