In a research, Sophos describes new variants of the miner that include a PowerShell script that attempts to disable malware protection