It's somewhat nice that malicious crypto miners exist, because they seem to be way faster (for most cases) on the uptake of new RCE exploits and they do fairly harmless (CPU time abuse) actions.

Friend found their react server components server down, and upon investigating found the docker container that normally had their JS server process in, was now ./3s83jmfv.out (I guess it had killed the main process to secure a monopoly for that instance)

Annoying? Sure, but that is way better than "hello I have just nicked your .env file and ransomware/blackmailed you"

I for one am glad that the crypto mining worm people are here to out-compete the more nasty people!