The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers. This is done to boost the miner execution performance, thereby increasing the speed of the mining process. The miner uses the modprobe msr command to load the msr driver (see Figure 1). The miner accesses /dev/CPU/CPUNUM/msr to modify the existing value of the MSr with the new value as shown below.”]
Source: https://securityaffairs.co/wordpress/120848/cyber-crime/cryptominer-elfs-msr-mining-performance.html