New threat actor called Rocke distributing and executing crypto-mining malware using variously toolkit and Git repositories to mine Monero cryptocurrency. Malware could be initiated by the same gang or individual cyber criminals exploiting Oracle WebLogic server vulnerability (CVE-2017-10271) which is Java deserialization vulnerability in the Adobe ColdFusion platform. The miner can be purchased online for $14 and targets malicious actors and cybercriminals advertising for the miner promotes it as offering startup registry key persistence, mining only while idle.”]
Source: https://gbhackers.com/sophisticated-crypto-mining-malware/