On Fri, Oct 30, 2020 at 10:32 AM Magnus Hagander <magnus@hagander.net> wrote:
On Fri, Oct 30, 2020 at 3:29 PM PG Bug reporting form <noreply@postgresql.org> wrote: > > 37811 postgres 20 0 2442744 2.3g 4 S 399.7 14.8 148:23.87 > n2cP0Mv4 >
That is not a PostgreSQL process.
It looks very much like malware running on your system, that happens to be running under the "postgres" user account.
To expand on that, the malware was likely to have been installed and started through a compromised superuser account for his database. It is a common attack to look for postgreSQL superuser accounts with weak passwords, then use lo_export or COPY ... TO PROGRAM to drop cryptocurrency mining programs. They often have names that look like that, too. Reinstalling but without fixing the security practices just means the bad guys come back again.