kswapd0 taking 100% CPU time on Ubuntu 18.04
I also have this problem recently, and I found that kswapd0 in my case is actually a crypto miner. (Please refer to this post: https://yoroi.company/research/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations/)
You can check your files to see if there is a folder called .rsync
(or .configrc
in my case). Usually you will find the program kswapd0
under the folder a/
.
If you find that suspicious folder, then with high probability your server is infected.
Related videos on Youtube
Yuvraj Jaiswal
Developer | Philomath | Geek A believer of the John Skeet facts. Lifelong learner and builder.
Updated on September 18, 2022Comments
-
Yuvraj Jaiswal over 1 year
My Dell Latitude E7390(16 GB Memory, Intel i5 8th Generation Octa Core), running Ubuntu 18.04 has been facing this issue a lot where this process
kswapd0
takes ~100% of CPU time on one or more cores.I have to go to tty and kill that process(which respawns since it's a root process)
Attached image of
top
results for one of such instances:I have found many similar questions detailing this issue, however, most of these are old and some claim that this was a Linux kernel bug that was fixed for Ubuntu in 16.04. Also, all the answers are about 2-3 years old on different hardware and software models. Hence, re-asking this question here for these newer models. Similar questions ( Most of these are workarounds) :
kswapd0 is taking a lot of cpu
https://www.linuxquestions.org/questions/slackware-14/kswapd0-at-100-cpu-4175585351/
https://bugzilla.kernel.org/show_bug.cgi?id=65201
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518457
https://bbs.archlinux.org/viewtopic.php?id=205654 (This is one for arch, but still relevant)
P.S.: Screenshot of
uname -a
for my system for reference-
user about 4 yearsThe 'Shellbot' miner malware disguises itself as kswapd0, check the user's most recent created files
-
-
bhomass almost 3 yearsin deed I find all the signs of the crypto-botnet infection. I have fortified the login with ssh keys. I also removed the user id related to the infection, but the high cpu persists. Anyone knows how to remove it?