Recent reports claimed that Rakhni, a ransomware strain, has developed a new coinminer component that allows it to sneak into the funds of Bitcoin users. Rakhni is said to have the ability to lurk around a targeted computer before inflicting an attack. It then can either infect a computer right after sneaking in or run a coinminer module from a remote server.
Rakhni enters a computer system through spam email campaigns. These spam emails contain a malicious file attachment that when downloaded and launched will allow the threat to inflict the device.
Source : Info Security Center