Because that's where the money is. Criminals have been installing cryptocurrency miners on victim machines that turn them into sources of money. These operate without the users' knowledge, and they operate even when your browser's closed. Apart from being criminal, they're troublesome because coin-mining is a resource hog.
Our friends at Malwarebytes have discovered one new campaign that's mining the cryptocurrency Monero. It affects Windows machines running the Chrome browser. When a user visits an infected site, an ad network (Ad Maven) opens a pop-up and loads a page hosted on elthamely[dot]com, which, via cloudfront[dot]net, proceeds to retrieve a payload from hatevery[dot]info. This opens a hard-to-find pop-under window that hides on the task bar, beneath the clock. You'll want to check task manager to see if something suspicious is running.
Macs aren't immune from this kind of crime, either. SentinelOne has found a Monero-mining Trojan, "OSX.CpuMeaner," circulating in the wild.
Cryptocurrency accounts are being raided.
For hoods without the patience for mining, direct theft of other people's cryptocurrency holdings is an attractive option. There's currently a bull market in Bitcoin, and the cryptocurrency's value is rising. With increased value comes increased attractiveness to criminals.
Bitcoin Gold, a legitimate cryptocurrency operation, disclosed last week that their Github repository had been broken into. Crooks replaced two Windows files there with malicious ones, and the goal was to inveigle users of Bitcoin Gold to part with access to their wallets. If you downloaded Bitcoin Gold's official Windows wallet from their site between the 21st and 25th of November, you're vulnerable. Bitcoin Gold suggests you scan your system and remove any malware. Better yet, move any Bitcoin to a different machine.
It's not just ordinary crooks who are after cryptocurrency. North Korea is notoriously cash-strapped, and the regime in Pyongyang hasn't been shy about turning to theft to make up its shortfalls. The regime has developed a strong interest in the possibility of illicitly obtaining Bitcoin, as FireEye reported back in September.
It's now emerged that courses in cryptocurrency are being offered, and well-attended, at Pyongyang University (Bitcoin News). It's doubtful that this represents a sudden disinterested intellectual interest on the part of the undergraduates, so if you're involved with cryptocurrency, look to your security and brace for a North Korean crimewave driven by spear phishing.