The story is not completely wrong but, when you read those articles, the perception now is that the entire attack revolved around Bitcoin mining, which is false. We saw the Bitcoin miner too but omitted it from our initial excerpt because, according to our own telemetry, only 4% of the victims that we rescued received this malware. And contrary to popular belief, click fraud and banking malware is a lot faster lucrative than mining Bitcoins with malware, as a miner likely requires specific hardware to be effective and that it will not survive long on a victim’s computer. In fact, this miner is easily picked up by antivirus software. And infected users will certainly notice the stressed out processor and/or GPU, which seriously hinders normal work or gaming. Let me provide some useable evidence. ... So the attackers do not have a 2.5-million-large Bitcoin mining network (or ‘bitnet’). This ‘bitnet’ is also not as effective as some think. A single infected computer with e.g. a decent NVIDIA GTX 560 Ti display card would take a week to generate EUR €0,1430 (at about 85.1 MHash/sec). We do not have hardware specifications of any or all victim computers, so let’s assume (hypothetically) that 1/4 of these infected machines would have this special NVIDIA display card. Also assuming that the miner would not have been noticed by antivirus software or the user, this ‘bitnet’ of 25,000 computers (1/4 of 4% of 2.5 million) would have generated about 5.5 BTC, or EUR €3,575 at the current exchange rate of the virtual currency. The created perception that Bitcoin mining was the driving force behind the Yahoo attack is just plain wrong. The attack is about the people who earned a lot by offering their malware staging area at Yahoo to a multitude of criminals. Hence the enormous variety of malware. Surely, malware designed to steal your identity or banking credentials is far more threatening than malware which only takes a toll on your computers speed.