"Good" malware is the kind the person is not even aware of, right? And "good" malware prevents the spread of other malware, right? The ProofPoint website has a write-up on the Adylkuzz malware, that is much like the WannaCry RansomWorm in that it spreads the same way. Instead of holding your data hostage in hopes of you giving up some Bitcoin in order to get your data back, Adylkuzz installs cryptocurrency mining software on your machine to farm its own Monero cryptocurrency. Adylkuzz is spreading using both the EternalBlue and DoublePulsar exploits. It seems that Adylkuzz has been in the wild since before we all got the WannaCry RasomWorm wake up call, possibly since April 24th. So you may be into Monero cryptocurrency mining and you are not even aware of it. See how easy mining is to get into? From what ProofPoint is citing in its article, I would guess that Adylkuzz is going to be much more successful on the money front than WannaCry.