A hybrid Monero cryptominer and ransomware bug has hit 20,000 machines in 60 days. At its previous peak in February, the Monero Miner cryptocurrency ransominer was targeting more than 2,500 users a day, disguised as an antivirus installer. Now, the tricky hybrid malware is on the rise again, this time impersonating an ad blocker and OpenDNS service. In total, it has infected more than 20,000 users in less than two months, researchers at Kaspersky warned, in a report on Wednesday. Ransomining lets threat actors take over computing power to mine cryptocurrency — in this case Monero — and also encrypts the data to hold for ransom. In this case, the open-source XMRig ransominer is used as its base, Kaspersky said.