A French and U.S. law-enforcement effort has neutralized 850,000 infections by a cryptomining worm known as Retadup. The worm has been distributing the malicious XMRig cryptocurrency miner to computers running the Windows operating system. The malware avoids mining when taskmgr.exe is running so that it s harder for users to detect the increased CPU usage caused by the mining activity. A harder-to-implement technique called process-hollowing allows the authors to bypass security solutions.
Source: https://threatpost.com/cryptomining-worm-infections-self-destructs/147767/