There are benign things which can do this. Gnome desktop environment has a legitimate component which unfortunately bears a scary sounding name "tracker-miner" (which is a terrible choice in naming IMO) which has caught a few newbies thinking they've been compromised.I would notice every once in a while their would be a daemon or a process that would be using NEARLY %90 of my cpu
I am also aware that kworker threads tend to do this, esp on systems utilizing full disk encryption.
rkhunter, while a good program, is also known to report false positives. There is even a section in the rkhunter.conf file to whitelist such programs. Sometimes it is something as simple as a program using a larger memory segment than the expected default <something>MB of memory.
Knowing your system will better help you to sort false positives apart from legitimate compromises.
I have been using rkhunter and several other FOSS security programs for years now and the only things any of it discovered and isolated had been a few old .exe windows freeware installers that had been sitting around on my storage from before I migrated to Linux. (Which were also totally a non-threat on anything but a functional Windows environment).
I think it might also do you well to take up some reading on the cyber security threat landscape, to help you build a more realistic threat model. The adversaries most of us (as common internet users) face are largely just adtech networks trying to assault us with targeted advertising. Not exactly some Jason Bourne shenanigans.
Statistics: Posted by Uptorn — 2024-05-15 18:22