https://www.theregister.co.uk/2019/08/01/palo_alto_networks_rocke_malware/

Palo Alto Networks has spotted a new cryptomining malware technique that not only wipes out any other miners present on the target machine but uses GitHub and Pastebin as part of its command-and-control (C2) infrastructure.

The malware, believed to originate from a Chinese cybercrime group nicknamed Rocke, targets cloud infrastructure in order to plant cryptocurrency mining software, potentially causing much larger metered usage bills for companies falling victim to it.