
Firewall CPU constantly at 100%

Hi folks,

We've got a couple of UTM firewalls running for several customers and we've noticed that some of those are running constantly at 100% CPU load.

These UTM firewalls all have different versions running, somewhere between 9.5 and 9.7. And after checking the running processes we've noticed the culprit seems to be the process called 'xmrig'. I'm not familiar with this process but if you do a simple search on Google, you'll get all kinds of crypto miner hits, suggesting this process is being used/abused to mine cryptos.

When we deployed a fresh UTM firewall, we noticed this process is available/running from the start. So I'm guessing this process has been around on the UTM firewalls for some time. Does the UTM even use this process itself or is it just part of the Linux distro?

Anybody else encountered this behaviour before? Is it safe to assume these firewalls have been compromised, or are we way off base?

Cheers,

Frank



This thread was automatically locked due to age.
  • Hoi Frank and welcome to the UTM Community!

    What did Sophos Support say about this?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA