A recently updated cryptojacking malware variant called Pro-Ocean is targeting vulnerable Apache and Oracle WebLogic servers. The malware is tied to a hacking group called Rocke, which has been active since at least 2018. The group is known for mining for monero virtual currency. The latest version of the malware uses a rootkit to help disguise its activities. It uses a native Linux feature called LD_PRELOAD, which forces binaries to load specific libraries before others. This allows the preloaded libraries to override any function from any library.”]
Source: https://www.cuinfosecurity.com/cryptojacking-malware-adds-rootkit-worming-capabilities-a-15899