Hi everyone,

Has anyone recently faced a crypto miner attack on an Odoo VPS?

I found malware running on my Odoo 19 server that was disguised as legitimate Odoo/PostgreSQL processes with names like:

• .odoo_pg_health

• .odoo_worker_monitor

• .bg_payload

It was mining Monero through HashVault and had persistence via the postgres user's crontab.

I'm trying to understand whether this is a known campaign targeting Odoo/PostgreSQL servers or if anyone else has seen similar indicators.

If you've encountered something similar, please share your findings, attack vector, or how the server was compromised.

Thanks!