Just thought I'd share a little experience I had yesterday regarding a Crypto Miner I discovered inside my Node-Red. I have Node-Red in a Docker Container and noticed my server CPU usage spiked to nearly 100% full-time.
Upon researching the cause, I saw the responsible process was /var/tmp/sustes -c /var/tmp/wc.conf
I did not find this on my root file system... so I started inspecting my Docker Containers one-by-one until I found it in the Node-Red docker container. So THEN, I opened up the Node-Red Web UI and found a whole bunch of these subflows inside my Node-Red!! Anyway, just thought I'd share.
This is highly likely my own problem and not widespread... but I wanted to make people aware. This is a thing that is happening now. So watch out.
I found more info about the miner from a Digital Ocean post when I searched for "sustes" along with how to get rid of it. In addition to deleting the files responsible, I obviously had to delete all the subflows which had crap in them.
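For the cleanup step described above, here is an added example (not part of the original post) that scans a parsed Node-RED flows file for nodes mentioning the two paths from the process command line and reports which tab or subflow holds them. The sample flow is constructed, and the exec node inside a subflow is an assumption about what such a subflow could contain; the post does not say.

```python
# Indicators taken from the post: the miner binary and its config file.
INDICATORS = ("/var/tmp/sustes", "/var/tmp/wc.conf")

def _strings(value):
    """Yield every string nested anywhere inside a node property value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        for v in (value.values() if isinstance(value, dict) else value):
            yield from _strings(v)

def scan_flows(flows, indicators=INDICATORS):
    """Return one finding per node whose properties mention an indicator.

    `flows` is the parsed flows file (a list of node objects). A node's `z`
    property is the id of the tab or subflow definition that contains it.
    """
    containers = {n.get("id"): n for n in flows
                  if n.get("type") in ("tab", "subflow")}
    findings = []
    for node in flows:
        hits = sorted({i for s in _strings(node) for i in indicators if i in s})
        if not hits:
            continue
        parent = containers.get(node.get("z"), {})
        findings.append({
            "node_id": node.get("id"),
            "node_type": node.get("type"),
            "container_type": parent.get("type", "unknown"),
            "container_name": parent.get("name") or parent.get("label") or "",
            "container_id": node.get("z"),
            "indicators": hits,
        })
    return findings

def subflows_to_review(flows, indicators=INDICATORS):
    """Ids of subflow definitions that contain at least one flagged node."""
    return sorted({f["container_id"] for f in scan_flows(flows, indicators)
                   if f["container_type"] == "subflow"})

# Constructed sample, not data from the post: a clean tab plus one subflow
# whose exec node (assumed) runs the command line quoted in the post.
SAMPLE = [
    {"id": "tab1", "type": "tab", "label": "Home"},
    {"id": "n1", "type": "inject", "z": "tab1", "name": "tick"},
    {"id": "sf1", "type": "subflow", "name": ""},
    {"id": "n2", "type": "exec", "z": "sf1",
     "command": "/var/tmp/sustes -c /var/tmp/wc.conf"},
    {"id": "n3", "type": "subflow:sf1", "z": "tab1"},
]
```

To use it on a real instance, load the exported flows file with `json.load` and pass the resulting list to `scan_flows`; a clean result only means these two strings are absent, so any subflow you did not create still deserves a manual look.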