The malware drains computing resources by enslaving target computers to perform the calculations required to make the bitcoin network run, but the rewards for doing so go to the malware writer.
Bitcoin mining is becoming increasingly popular with malware developers, reports the Guardian, because it generates profit at no cost.
Light Cyber said the malware was intended to create a huge network of Bitcoin-mining machines.
"The malware writers put a lot of effort into making it as efficient as possible to utilise the computing power in the best way," Light Cyber's founder Giora Engel told the BBC.
Some experts estimate that such networks could be generating as much as £60,000 a day, and as Bitcoins rise in value, this is becoming more lucrative for criminals.
More on exploit kits
- Researcher: Exploit kits revolutionize automated malware production
The compromise of Yahoo’s ad servers also enabled attackers to install a other malware that exploits Java vulnerabilities using the Magnitude exploit kit.
Security experts say Magnitude typically installs malware such as ZeuS, Andromeda, Dorkbot, Tinba and Necurs.
Yahoo has been criticised for not saying how its ad servers were compromised or how many people could be affected, and for not doing anything to help those who have been hit by malware.
According to Dutch security firm Fox IT – which raised the alarm about malicious ads being served by Yahoo – around 27,000 computers were infected with malware every hour.
Yahoo has admitted that malicious ads were served to its European sites for four days before it shut down the compromised ad servers, which means around two million computers could be infected.
Fox IT reported that the countries most affected by the exploit kit were the UK, Romania and France. Yahoo said users in North America, Asia Pacific and South America were not affected.
Yahoo also said the malware did not affect users of Macs and mobile devices.
According to security experts, Magnitude targets outdated versions of Java, which means if Java is up to date, systems are less likely to be vulnerable.
However, most who have commented on the incident have recommended disabling Java to be on the safe side.