Hackers exploit Jenkins servers, make $3 million by mining Monero

If you run a Jenkins server, you might want to make sure it is fully patched, since researchers found “one of the biggest malicious mining operations ever discovered.” The cyber crooks have already made more than $3 million by installing malware that mines for Monero on vulnerable Windows machines. And now they are honing in on vulnerable, yet powerful, Jenkins servers.

“The operation uses a hybridization of a Remote Access Trojan (RAT) and XMRig miner” that is “capable of running on many platforms and Windows versions,” the security firm Check Point revealed. Most victims, so far, were “personal computers. With every campaign, the malware has gone through several updates and the mining pool used to transfer the profits is also changed.”

Over the past 18 months, the hackers have accumulated 10,800 Monero, which is currently worth $3,436,776.

“The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows, and has already secured him over $3 million worth of Monero crypto-currency,” added Check Point. “As if that wasn’t enough though, he has now upped his game by targeting the powerful Jenkins CI server, giving him the capacity to generate even more coins.”

Be the first to comment

Leave a Reply

Your email address will not be published.