saahityaedams

22 Aug 2021

TIL PGMiner

  1. SSH into the remote machine where the application's API response time is slow
  2. Look at htop (which is at 100% with some weird command run by the postgres user)
  3. Google kdevtmpfsi
  4. It is malware that scans for open postgres ports with a default (or weak) password and then executes a bash script to mine cryptocurrency.

https://www.securityweek.com/pgminer-crypto-mining-botnet-abuses-postgresql-distribution
https://stackoverflow.com/questions/60151640/kdevtmpfsi-using-the-entire-cpu
https://nvd.nist.gov/vuln/detail/CVE-2019-9193
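
The htop check in step 2 can be scripted. This is an added example, not part of the original post: it flags processes owned by the postgres user that use a lot of CPU and are not PostgreSQL binaries. The function name, the 50% threshold, the name allowlist and the sample process table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag high-CPU processes owned by the postgres user whose
# command name is not a PostgreSQL binary (e.g. kdevtmpfsi).
#
# Live usage on a Linux host (procps ps):
#   ps -eo user,pid,pcpu,comm --no-headers | flag_postgres_procs

# Assumed threshold in percent CPU; override via the environment.
CPU_THRESHOLD="${CPU_THRESHOLD:-50}"

# Reads "user pid pcpu comm" lines on stdin and prints one line per
# suspicious process.
flag_postgres_procs() {
    awk -v thr="$CPU_THRESHOLD" '
        $1 == "postgres" && ($3 + 0) >= (thr + 0) {
            # Assumed allowlist of PostgreSQL process names; adjust per distro.
            if ($4 !~ /^(postgres|postmaster|pg_[a-z_]+)$/)
                printf "SUSPICIOUS pid=%s cpu=%s comm=%s\n", $2, $3, $4
        }'
}

# Constructed sample process table (not captured from a real host).
sample_ps() {
    cat <<'EOF'
root         1   0.0 systemd
postgres   812   1.2 postgres
postgres   990  55.0 postgres
postgres  4242  99.7 kdevtmpfsi
www-data  1500  12.0 gunicorn
EOF
}

sample_ps | flag_postgres_procs
```

A process can rename itself to look like `postgres`, so treat a clean result as a first pass and confirm against the executable path in `/proc/<pid>/exe`.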