A modular malware with worm capabilities exploits known vulnerabilities in servers running ElasticSearch, Hadoop, Redis, Spring, Weblogic, ThinkPHP, and SqlServer to spread from one server to another and mine for Monero cryptocurrency. PsMiner’s worm module also has the capability to brute force its way in, whenever it finds targets that uses weak or default credentials, as well as crack user credentials using an additional brute force password cracking component. In just two weeks, the miner accumulated a total of about 0.88 Monero coins.
Source: https://www.bleepingcomputer.com/news/security/malware-spreads-as-a-worm-uses-cryptojacking-module-to-mine-for-monero/