As the value of cryptocurrencies increased (after a short dip in 2018), we observed increased activity from cryptocurrency mining malware this year, particularly infections and routines involving Monero miners. Over a span of a few months, we came across an infection routine that exploited vulnerabilities to propagate itself, and another that used fileless techniques to evade detection. Other routines involved the use of targeted attack tools to maximize profits, weaponized legitimate tools such as Windows Management Instrumentation to achieve persistence, and other sophisticated malware to hide cryptocurrency malware payloads to cash in on new platforms.