Everything runs from a read-only system, so i doubt malware has gone into it. Probably just some bug in the widely used Linux OS we run on it if anything. I would be glad if you could share Wireshark logs or something of the packets you are seeing.