fuchsiaaaaaaaaaaaaaaaaa
well fun morning, server from friends got epic haxored so i did forensics from my phone, in bed
- ssh with password auth enabled
- ssh'd into minecraft user with apparently weak password
- deployed payload, consisting of an irc c&c, and a monero miner disguised as 'kswapd0'
by far not the only ones, for example http://blog.alvarezp.org/2020/06/18/my-laptop-was-broken-into/
the kswapd0 thing is pretty smart, as all the results for 'kswapd0 high cpu' (which you would be seeing) are non-malicious explanations like
https://askubuntu.com/questions/259739/kswapd0-is-taking-a-lot-of-cpu
Follow
same with .syslog I've seen it like that on someone else's machine hah
