kswapd0 taking 100% CPU time on Ubuntu 18.04

18.04 kernel cpu
6,552

I also have this problem recently, and I found that kswapd0 in my case is actually a crypto miner. (Please refer to this post: https://yoroi.company/research/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations/)

You can check your files to see if there is a folder called .rsync (or .configrc in my case). Usually you will find the program kswapd0 under the folder a/.

If you find that suspicious folder, then with high probability your server is infected.

Share:
6,552

Related videos on Youtube

Yuvraj Jaiswal
Author by

Yuvraj Jaiswal

Developer | Philomath | Geek A believer of the John Skeet facts. Lifelong learner and builder.

Updated on September 18, 2022

Comments

  • Yuvraj Jaiswal
    Yuvraj Jaiswal over 1 year

    My Dell Latitude E7390(16 GB Memory, Intel i5 8th Generation Octa Core), running Ubuntu 18.04 has been facing this issue a lot where this process kswapd0 takes ~100% of CPU time on one or more cores.

    I have to go to tty and kill that process(which respawns since it's a root process)

    Attached image of top results for one of such instances: <code>top</code> in TTY

    I have found many similar questions detailing this issue, however, most of these are old and some claim that this was a Linux kernel bug that was fixed for Ubuntu in 16.04. Also, all the answers are about 2-3 years old on different hardware and software models. Hence, re-asking this question here for these newer models. Similar questions ( Most of these are workarounds) :

    kswapd0 is taking a lot of cpu

    https://www.linuxquestions.org/questions/slackware-14/kswapd0-at-100-cpu-4175585351/

    https://bugzilla.kernel.org/show_bug.cgi?id=65201

    https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518457

    https://bbs.archlinux.org/viewtopic.php?id=205654 (This is one for arch, but still relevant)

    P.S.: Screenshot of uname -a for my system for reference

    enter image description here

    • user
      user about 4 years
      The 'Shellbot' miner malware disguises itself as kswapd0, check the user's most recent created files
  • bhomass
    bhomass almost 3 years
    in deed I find all the signs of the crypto-botnet infection. I have fortified the login with ssh keys. I also removed the user id related to the infection, but the high cpu persists. Anyone knows how to remove it?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

High System Load, Low CPU/RAM Utilization on Ubuntu 15.04
mysql 5.7 is working slow on ubuntu 18.04 LTS
CPU frequency too high even with 'powersave' governor
System responds with "failed to send h2c command" on shutdown: what does that mean?
Is there an easy way to downgrade kernel to 4.14.x in ubuntu 18.04?
Ubuntu 18.04 LTS: Wifi not working after kernel updates
Kernel outputting this, should I worry? - [Hardware Error]: PROCESSOR 0:406e3 TIME 1498209621 SOCKET 0 APIC 3 microcode 9e
CPU frequency control
How to install Ubuntu on ASUS F556U, JournalError error?
18.04: kernel panic - not syncing: attempting to kill init! exit code-0x00000100