New Crypto Mining Attacks Discovered by Researchers

07/09/2024 22:00
New Crypto Mining Attacks Discovered by Researchers

Cryptojackers can take advantage of misconfigured Jenkins deployments

New Crypto Mining Attacks Discovered by Researchers

Cover image via www.freepik.com

According to a Tuesday report by The Hacker News, the Jenkins Script Console has been weaponized by malicious actors for illegal cryptocurrency mining. The report is based on findings that were recently published by prominent cybersecurity firm Trend Micro.

Jenkins is a popular open-source continuous integration (CI) server. Before Jenkins, developers would have to deal with irregular commits since many of them could possibly be based in different countries. This would cause major integration issues, and developers would find it challenging to complete a certain project efficiently. Jenkins makes it possible for developers to continuously develop their code.

Related

Major US Exchange Kraken Gets Funds Back After "Extortion" Attempt

Jenkins has a Groovy script console that allows developers to run arbitrary scripts within the controller or the agents that are connected to it. The feature is useful for troubleshooting and diagnostics. Notably, it is available to users only with administrative permissions.

According to Trend Micro, the script console feature can be potentially weaponized by bad actors who can take advantage of misconfigured servers. Those developers who run unpatched versions of Jenkins are also at risk of falling victim to cryptojackers.

Related

Biggest Crypto Hack of 2024: New Details Come to Light

As mentioned above, unauthorized users cannot gain access to the script console. However, misconfigured Jenkins deployments are a prime target for bad actors who mine cryptocurrencies.

Cryptojackers typically deploy a malicious script that kills off all processes that consume substantial CPU resources and then proceed to install malicious mining software.

Cryptojacking, which became rampant in 2018, remains a persistent threat. Earlier this year, a cryptojacker from Nebraska was indicted for defrauding cloud computing companies to earn roughly $1 million worth of crypto.

About the author

article image

Alex Dovbnya

Alex Dovbnya (aka AlexMorris) is a cryptocurrency expert, trader and journalist with extensive experience of covering everything related to the burgeoning industry — from price analysis to Blockchain disruption. Alex authored more than 1,000 stories for U.Today, CryptoComes and other fintech media outlets. He’s particularly interested in regulatory trends around the globe that are shaping the future of digital assets, can be contacted at [email protected].

Advertisement

TopCryptoNewsinYourMailbox

TopCryptoNewsinYourMailbox

Read more --->