One of the biggest cryptomining operations ever discovered is targeting Jenkins CI servers, the most popular open source automation server in use today, causing slower performance and even denial of service attacks.

Jenkins is a CI and DevOps orchestration tool that is estimated to have more than 1 million users. Similar to the RubyMiner, cryptominer, JenkinsMiner has the potential to hugely impact these servers drastically slowing their performance leading to DoS attacks that are detrimental to the machines and businesses as a whole, according to a Feb.15 Check Point blog post.

The perpetrators are thought to be of Chinese origin and over the last 18 months had secured over $3 million worth of Monero cryptocurrency using the XMRig miner malware running on many versions of Windows. The additional targets offer the ability to generate even more money, researchers said.

The malware works by exploiting the CVE-2017-1000353 vulnerability which is caused by a lack of validation of the serialized object, which allows any serialized object to be accepted.

“The operation uses a hybridization of a Remote Access Trojan (RAT) and XMRig miner over the past months to target victims around the globe,” the post said. “The miner is capable of running on many platforms and Windows versions, and it seems like most of the victims so far are personal computers.”

Researchers said the malware appears to go through several updates and a change of mining pools with each new campaign.