Hackers targeting the servers of popular open source Java-based automation program Jenkins CI have secretly minded millions of dollars in cryptocurrency, security researchers have determined.
According to security researchers at Check Point, cybercriminals believed to be of Chinese origin could be behind a new malware campaign dubbed ‘JenkinsMiner’ wherein attacks have exploited a vulnerability to download and install a crypto-miner for the cryptocurrency Monero.
Researchers wrote:
The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows, and has already secured him over $3 million worth of Monero crypto-currency. As if that wasn’t enough though, he has now upped his game by targeting the powerful Jenkins CI server, giving him the capacity to generate even more coins.
Specifically, the attackers targeted the CVE-2017-1000353 vulnerability in the Jenkins Java deserlisation implementation. With it, hackers have been tricking Jenkins servers into downloading and installing a Monero miner via the hybridization of a remote access trojan (RAT) and XMRig miner to target victims around the world.
“With every campaign, the malware has gone through several updates and the mining pool used to transfer the profits is also changed,” researchers added. “Although the attack is well operated and maintained, and many mining-pools are used to collect the profits out of the infected machines, it seems that the operator uses only one wallet for all deposits and does not change it from one campaign to the next.”
Deeming it “one of the biggest malicious mining operations ever seen,” Check Point researchers estimated the hackers to have mined and cashed some 10,800 Monero, approximately $3.3 million in the JenkinsMiner campaign over the past 18 months by targeting various versions of Windows.
Image credit: Pexels.
