From helpnetsecurity.com
Cloud infrastructures are a growing target for threat actors looking to mine cryptocurrency, as their vast computational power allows them to multiply the mining malware’s effect.
Keeping its presence from being noticed as long as possible is, naturally, a goal worth striving for and criminals are coming up with new ways to achieve it.
One of the approaches, employed by a threat group dubbed Rocke, is to uninstall agent-based cloud security products before downloading the mining malware and starting the mining process.
The coin miner targets Linux machines and mines Monero (by far the most popular cryptocurrency among criminals deploying mining malware).