diff --git a/scan.py b/scan.py
index 8d373d4..cc10271 100644
--- a/scan.py
+++ b/scan.py
@@ -238,6 +238,7 @@ scoring = {
 'MD5': (20, u'md5 strings used in malware'),
 'SOCIALS': (50, u'Email addresses, links and social networking'),
 'EITEST': (65, u'Eitest'),
+ 'CRYPTO': (65, u'Cryptocurrency Miners'),
 }
@@ -546,6 +547,8 @@ def is_hacked(filename):
 or 'Wells Fargo Home Page' in l \
 or 'Chase Online - Logon' in l:
 score.append(('PHISHING', ''))
+ if re.compile('User-Agent.*cpuminer').match(l):
+ score.append(('CRYPTO', ''))
 previous_line = l
 if line_num < 20:
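Review bot: The new miner check in the second hunk (inside `is_hacked`) calls `.match()`, which only matches at the very start of `l`, so any line where `User-Agent` follows indentation, an assignment or an opening quote is not scored as `CRYPTO`. Assuming `l` is one line of the scanned file, most real occurrences sit mid-line and would be missed; `if re.search(r'User-Agent.*cpuminer', l):` finds the pattern anywhere in the line, and adding `re.IGNORECASE` would also cover case variants of the header name. The pattern is also passed to `re.compile` on every line, so a module-level compiled constant would be cleaner. `is_hacked` starts and ends outside the hunk, and the indentation is not recoverable here, so whether this `if` is meant to sit beside or inside the phishing check cannot be confirmed from this view.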