md and mdx processes load CPU 100%

Linux Kernel, Network, and Services configuration.
t&nk
Posts: 7
Joined: 2015-12-01 00:29

md and mdx processes load CPU 100%

#1 Post by t&nk »

Hi,
I have a fairly fresh installation of Debian 9, and after installing a couple of packages and GitLab I noticed that my two cores are loaded at 99% all the time by processes called "md" and "mdx". I can't really figure out what those processes do, as the only people mentioning them have software RAID and the mdadm package installed (which I do not, as this is a hosted VPS on what I think is OpenStack). The other weird thing is that those two processes are being run under a user that should not have run anything. When I try to kill them they just respawn. When trying to find out more about the processes, the full path from top/htop just says "worker".
I am a bit lost as I have never seen anything like this, so any leads would be greatly appreciated.

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: md and mdx processes load CPU 100%

#2 Post by GarryRicketson »

I wonder,
"installing a couple of packages and GitLab I"
what those packages are, and where they came from.

t&nk
Posts: 7
Joined: 2015-12-01 00:29

Re: md and mdx processes load CPU 100%

#3 Post by t&nk »

GarryRicketson wrote: I wonder,
"installing a couple of packages and GitLab I"
what those packages are, and where they came from.

Thanks for replying - the packages were all from the Debian and GitLab repos, so I would think they are clean.

Also, after some more investigation I've found a weird crontab entry in one of the users' crontabs, and from there that the md and mdx processes are being run from a hidden directory called .c4k in the user's /home folder - it would seem that the account had been compromised and the CPU cycles were used for something like bitcoin mining.

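The two findings in post #3 (a crontab entry that points into a hidden directory, and processes whose binary lives there) can be checked for on a host with a read-only script; this is an added example, not part of any post in the thread. The sample crontab, the user names and the function names are constructed, and only `.c4k` and `worker` come from the thread.

```bash
# Added example, not from the thread. Read-only triage: nothing is killed or deleted.

# A path component that starts with "." (but is not "." or "..") and is used as a directory.
HIDDEN_RE='/\.[^/[:space:]]*[^./[:space:]][^/[:space:]]*/'

# Constructed sample crontab; only ".c4k" and "worker" are names from the thread.
SAMPLE_CRONTAB='# m h dom mon dow command
*/5 * * * * /home/someuser/.c4k/worker >/dev/null 2>&1
0 3 * * * /usr/local/bin/backup.sh
@reboot cd /srv/app && ./start.sh
#*/5 * * * * /home/olduser/.x/y'

# stdin: crontab text. stdout: active (non-comment) lines that reference a hidden directory.
cron_hidden_paths() {
    grep -Ev '^[[:space:]]*(#|$)' | grep -E "$HIDDEN_RE" || true
}

# Every crontab readable by the caller (run as root to see all users), prefixed with its file.
all_crontabs_hidden_paths() {
    for cf in /var/spool/cron/crontabs/* /etc/crontab /etc/cron.d/*; do
        [ -r "$cf" ] || continue
        cron_hidden_paths < "$cf" | while IFS= read -r ln; do printf '%s: %s\n' "$cf" "$ln"; done
    done
}

# Processes whose real binary (/proc/PID/exe) sits in a hidden directory. The name shown
# by top/htop can be set by the program itself, so it is printed next to the real path.
procs_from_hidden_dirs() {
    for pd in /proc/[0-9]*; do
        exe=$(readlink "$pd/exe" 2>/dev/null) || continue   # kernel thread, exited, no access
        if printf '%s\n' "$exe" | grep -Eq "$HIDDEN_RE"; then
            printf 'pid=%s uid=%s comm=%s exe=%s\n' "${pd#/proc/}" \
                "$(stat -c %u "$pd" 2>/dev/null)" "$(cat "$pd/comm" 2>/dev/null)" "$exe"
        fi
    done
}

if [ "${1:-}" = "scan" ]; then      # argument "scan": check this host
    all_crontabs_hidden_paths
    procs_from_hidden_dirs
else                                # default: demo on the constructed sample
    printf '%s\n' "$SAMPLE_CRONTAB" | cron_hidden_paths
fi
```

Run it with the `scan` argument as root to cover every user's crontab and process. The output is a list for review, since legitimate software also keeps files in dot-directories.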