It certainly isn't CA. Not that I really have any clue about NodeRed, but I'd suggest that if that process actually is a crypto miner, then it got added to the container via some project or something that you created with NodeRed. If not, the proper place to report something like this is on NodeRed's project page / forum.
For the time being unless this is definitely determined to be from the container itself (which it doesn't appear to be on my system on a quick install) and not by something which you added / did, NodeRed (official) will remain in CA.