Abstract: As the cryptocurrency market becomes more lucrative and accessible, cybercriminals will continue to adapt strategies to monetize the unauthorized use of system resources for mining operations. Some of these strategies involve infecting systems with malware that will deploy a cryptomining application. Other attack strategies involve deploying code to a target’s web browser that will cause the web browser to perform mining operations. This research examines existing cryptomining malware, commonalities in targeting and infection vectors, techniques used by cryptomining malware, and distinguishable differences between legitimate and malicious use. The research found that cybercriminals employing cryptomining malware, attack targets indiscriminately. Additionally, the techniques employed by cryptomining malware are also used by other types of malware. The research tested the impact of cryptomining applications on CPU utilization and showed a clear distinction when comparing the CPU utilization of cryptomining applications to common applications on a desktop PC. The research also found that distinguishing between the authorized and unauthorized use of cryptomining relied heavily on a holistic examination of the system in question. The research synthesized existing literature and the results of the CPU testing to recommend two strategies for detecting malicious cryptomining activity. The optimal strategy involves endpoint, network, and CPU monitoring and the ability to aggregate, and correlate events or alerts produced. A less optimal strategy involves multiple event sources with manual or no correlation, or a single event source.