Compromised postgresql instances

I've noticed a steady trickle of reports of postgresql servers being compromised via being left available to the
internetwith insecure or default configuration, or brute-forced credentials. The symptoms are randomly named binaries
beinguploaded to the data directory and executed with the permissions of the postgresql user, apparently via an
extensionor an untrusted PL. 

Is anyone tracking or investigating this?

Cheers,
  Steve