kdevtmpfsi takes 100% CPU

I have a server running Ubuntu 18.04.5 LTS for development server, it's said that it's a mining malware that takes up your CPU for mining.

So everytime I kill the process using kill -p PID after few seconds it reruns again. check the crontab of www-data using

sudo crontab -u www-data -e

It should looks like this, delete this

Prevention

create a file ex. /home/ubuntu/removing-malware.sh

#!/bin/bash

# kinsing deleteing here
PID=$(pidof kinsing)
echo "$PID"
kill -9 $PID


# /tmp/kinsing deleteing here (Some times it will run /tmp path)
PID=$(pidof /tmp/kinsing)
echo "$PID"
kill -9 $PID


# kdevtmpfsi deleteing here
PID=$(pidof kdevtmpfsi)
echo "$PID"
kill -9 $PID


# /tmp/kdevtmpfsi deleteing here (Some times it will run /tmp path)
PID=$(pidof /tmp/kdevtmpfsi)
echo "$PID"
kill -9 $PID

# Delete malware files
find / -iname kdevtmpfsi -exec rm -fv {} \;

find / -iname kinsing -exec rm -fv {} \;

add to crontab using crontab -e then add

*/5 * * * * /home/ubuntu/removing-malware.sh

to check cron is running

systemctl status cron

The process keeps on poppin out

after cron is running keep on killing the process, keep on monitoring for a while repeat if it pops out, after sometime it will be gone.