In an effort to better control vulnerable cloud-based infrastructure, two hacking groups behind large-scale crypto campaigns have started targeting their respective cryptomers. The Pacha group, first detected in September 2018, is a Chinese-origin threat group described by Intezer Labs while attempting to spread its cryptocurrency mining malware. Linux.GreedyAntd. Company researchers discovered that the group's malware was designed to search for other crypto-malicious malware present on the systems it infects, although this technique has already been used by the strains. Similar malware programs. The Linux.GreedyAnd Modular Malware program used Systemd to gain persistence and make it more difficult to detect and remove. The malware is also used to target and remove crypto from other cybercrime groups, but the Rocke group is the primary target. Ignacio Sanmillan of Intezer Labs explained in a blog post how Linux.GreedyAndt differs from previous malware released by the Pacha group in the following terms: "The main anti-malware infrastructure appears to be identical to previous Pacha campaigns, although it can be make considerable effort to detect and limit Rocke implants."