This happens when you don’t patch your apps: some tiny dirty hack happened on my server, installing a cryptominer named kinsing by using a vulnerability in log4j. I noticed some strange CPU load and an executable named kinsing in /etc. It installed itself in crontab through a system entry when restarting. And uhm, yes, the application using log4j had root privileges… I know…
I found a guide to remove it here.
I am going to monitor this.