Analysis of new malware samples used by the Rocke group for cryptojacking reveals code that uninstalls multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud from Linux servers. Rocke's goal is to compromise Linux machines and use them to mine Monero cryptocurrency. Researchers from Palo Alto Networks' Unit 42 team found that the malware first gains full administrative control of the machine and then uses that position to run a routine that uninstalls the local agents that could otherwise raise an alarm about malicious activity.
Source: https://www.bleepingcomputer.com/news/security/rockes-cryptominers-kills-competition-uninstall-cloud-security-products/
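The behaviour described above, a privileged process removing the host's own security agents, leaves a simple signal for defenders: agents that were running earlier stop appearing in later process snapshots while the host itself stays up. The following Python script is an added example, not code from the article or from Unit 42, that compares two `ps -eo pid,comm` snapshots and reports watched agents that have gone missing. The agent process names in `WATCHED_AGENTS` are assumptions for illustration (real names vary by vendor, product and version), and both snapshots are constructed sample data so the script runs offline.

```python
"""Detect removal of cloud security / monitoring agents between two
process snapshots (added example; not from the original article)."""
import subprocess

# Process names to watch. These are ASSUMED names for the example; replace
# them with the agent names actually deployed on your hosts.
WATCHED_AGENTS = {
    "AliYunDun": "Alibaba Cloud security agent (assumed name)",
    "AliYunDunUpdate": "Alibaba Cloud agent updater (assumed name)",
    "YDService": "Tencent Cloud host security agent (assumed name)",
    "BaradAgent": "Tencent Cloud monitoring agent (assumed name)",
}

# Constructed snapshot taken while the agents were still installed.
BEFORE_PS = """\
  PID COMMAND
    1 systemd
  412 sshd
  531 AliYunDun
  533 AliYunDunUpdate
  602 YDService
  611 BaradAgent
  988 bash
"""

# Constructed snapshot taken after an agent-uninstall routine ran: the
# watched agents are gone and an unfamiliar worker process has appeared.
AFTER_PS = """\
  PID COMMAND
    1 systemd
  412 sshd
  988 bash
 1204 unknown_worker
"""


def parse_ps(text):
    """Parse `ps -eo pid,comm` output into {command_name: [pid, ...]}."""
    procs = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        pid, comm = parts
        procs.setdefault(comm, []).append(int(pid))
    return procs


def missing_agents(procs):
    """Watched agents that are not running in a single snapshot."""
    return sorted(name for name in WATCHED_AGENTS if name not in procs)


def agents_removed(before, after):
    """Watched agents that ran in the earlier snapshot but not the later one.

    This is the stronger signal: an agent that was never installed is a
    deployment gap, but one that disappears between snapshots points at
    deliberate removal (or an outage that itself deserves a look)."""
    watched = set(WATCHED_AGENTS)
    return sorted((set(before) & watched) - set(after))


def report(before, after):
    """Human-readable alert lines for every agent that disappeared."""
    return [
        f"ALERT: {name} ({WATCHED_AGENTS[name]}) was running (pids "
        f"{before[name]}) but is no longer present"
        for name in agents_removed(before, after)
    ]


def snapshot_live():
    """Take a real snapshot on a Linux host (not used by the offline demo)."""
    out = subprocess.run(["ps", "-eo", "pid,comm"], capture_output=True,
                         text=True, check=True).stdout
    return parse_ps(out)


if __name__ == "__main__":
    before, after = parse_ps(BEFORE_PS), parse_ps(AFTER_PS)
    for line in report(before, after):
        print(line)
```

In practice the "before" snapshot would be a baseline recorded at provisioning time (or the previous run of a cron job) and the "after" snapshot comes from `snapshot_live()`; because a root-level intruder can also stop the check itself, the alert should be raised from a system the host cannot silence, such as a central log collector noticing that an agent's heartbeat has stopped.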

