Cyber turf wars
https://www.bleepingcomputer.com/news/security/smominru-mining-botnet-in-cyber-turf-war-with-rival-malware/
The Smominru mining botnet continues to wreck havoc on corporate machines by not only installing cryptominers, but also stealing credentials, installing backdoors, and making system configuration modifications that could affect the proper operation of an infected machine.
Smominru is a wormable malware that spreads using the EternalBlue exploit and by brute forcing RDP, MSSQL, Telnet and other exposed services. Once the botnet gains access to a machine, it will attempt to remove rival malware, secure the box from further infections, and then install cryptomining software, steal login credentials, install backdoors, and spread laterally to other machines.