Microsoft says it used Windows Defender Advanced Threat Protection (ATP) to collect information on
malicious coin mining attempts like Trojanized miners and mining scripts hosted in websites, and it discovered that every month between September 2017 and January 2018, an average of 640,000 systems were compromised.