TeamTNT cybercrime group has updated its crypto-mining worm with password-stealing capabilities and with an additional network scanner to make it easier to spread to other vulnerable devices. Black-T, as the worm has been named by Unit 42, collects any plaintext passwords it finds in the compromised systems’ memory and delivers them to the group’s command and control servers. The group is known mostly for actively targeting Docker instances to use compromised systems for unauthorized Monero (XMR) mining, the group now shifted their tactics by upgrading their cryptojacking malware.
Source: https://www.bleepingcomputer.com/news/security/crypto-mining-malware-adds-linux-password-stealing-capability/