American software security firm Symantec found a spike in a new crypto mining malware that  mainly targets enterprises, TechCrunch reports on April 25.

The new cryptojacking malware, dubbed Beapy, uses the leaked United States National Security Agency (NSA) hacking tools to spread throughout corporate networks to generate big sums of money from a large amount of computers, the report notes.

First spotted in January 2019, Beapy reportedly surged to over 12,000 unique infection across 732 organizations since March, with more than 80% of infections located in China.

As found by researchers, Beapy malware is reportedly spread through malicious emails. Once opened, malware drops the NSA-developed DoublePulsar malware and uses NSA’s EternalBlue exploit, the same exploits that helped spread the WannaCry ransomware in 2017. According to the report, Beapy also uses Mimikatz, an open-source credential stealer, to collect and use passwords from infected computers to navigate its way across the network.

According to TechCrunch, cryptojacking has seen a decline in recent months, partially due to the recent shutdown of Coinhive, a popular web-based online mining tool. However, file-based cryptojacking such as Beapy is reportedly much more efficient and faster, which allows hackers to make more money.

As such, in a single month, file-based mining can generate up to $750,000, compared to just $30,000 from a browser-based mining activity, Symantec researchers said.

As recently reported, crypto mining is one of the most observed objectives of hackers attacking businesses’ cloud infrastructures, with organizations of all sizes continuing to face major crypto mining attacks despite the bear market.

Recently, a federal jury convicted two Romanian alleged cybercriminals for spreading malware to steal users credentials and illicitly mine cryptocurrency.