VestaCP infrastructure server was compromised and attackers were able to modify their installation script to log IP address and password in addition to distro name which was used to collect stats.
If you are using VestaCP, you should change your server password immediately and upgrade your installation to latest version as soon as possible. Also, you should audit your server as well. It is possible that your server is infected by malware.
You can refer the following URL for the detailed information:https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/