Both groups run mass-scanning operations that look for open or unpatched cloud services and servers, which they then infect with a multi-functional Linux-based malware strain.
The most aggressive of the two is, by far, the smaller Pacha group, which adopted a strategy of removing a long list of known crypto-mining malware strains on each server it infected.
Using this approach, Pacha hackers have slowly carved out a large piece of the crypto-mining scene.
Pacha going after Rocke
And according to a report published today, the Pacha Group paid special attention to identifying and removing versions of Rocke's miner, most likely in an attempt to eat away at its rival's "market share."
This trick of removing competitors from infected servers is also present in the Rocke group's malware, according to Nacho Sanmillan, a security researcher at Intezer Labs.
"Although [Rocke] does try to eliminate some generic miners, it is a smaller set in comparison with what Pacha does," Sanmillan told ZDNet.
At the time, a large number of crypto-mining groups realized that the Linux and Windows servers that are part of cloud infrastructure had access to far more processing power than isolated systems, and as a result hackers shifted their focus to targeting cloud-based technologies such as Docker and Kubernetes.
Since then, crypto-mining groups have diversified their "exploit portfolio" to target other technologies typically found in cloud-based environments, such as Jenkins systems, Confluence servers, Apache Struts, JBoss, and others.
Seeing two botnets fight for their victims isn't novel. This happens all the time, especially with IoT botnets, which often compete for the same routers and IoT devices and often include mechanisms to sabotage competitors, and even patch devices so nobody else can hack them.
Seeing malware operations trying to sabotage each other is a tell-tale sign that the market is getting crowded -- which is no surprise since crypto-miners are one of today's most popular and most active malware categories.