
JenkinsMiner targets Jenkins Servers to mine Monero

One of the biggest cryptomining operations ever discovered is targeting Jenkins CI servers, the most popular open-source automation server in use today, slowing performance and even causing denial of service.

Jenkins is a CI and DevOps orchestration tool that is estimated to have more than 1 million users. Similar to the RubyMiner cryptominer, JenkinsMiner has the potential to hugely impact these servers, drastically slowing their performance and leading to DoS conditions that are detrimental to the machines and to businesses as a whole, according to a Feb. 15 Check Point blog post.

The perpetrators are thought to be of Chinese origin and over the last 18 months have secured over $3 million worth of Monero cryptocurrency using the XMRig miner malware running on many versions of Windows. The additional targets offer the ability to generate even more money, researchers said.

The malware works by exploiting CVE-2017-1000353, a vulnerability caused by a lack of validation of serialized objects: the server accepts any serialized object it is sent.

“The operation uses a hybridization of a Remote Access Trojan (RAT) and XMRig miner over the past months to target victims around the globe,” the post said. “The miner is capable of running on many platforms and Windows versions, and it seems like most of the victims so far are personal computers.”

Researchers said the malware appears to go through several updates and a change of mining pools with each new campaign.
