Crypto-mining malware nets hacker group $3.4 million worth of cryptocurrency Monero

   Israeli security firm Check Point uncovered a large-scale cryptocurrency mining operation which installed malware on servers running Jenkins, an automation software designed for web development. The mining operation has, to date, mined around $3.4 million worth of Monero using malware installed on internet-connected Jenkins servers.

   Why Monero? Monero is an open-source cryptocurrency designed to be untraceable, private, and highly secure. Its security features make it an excellent choice for privacy-minded individuals, and sadly, illicit operations like this malicious mining operation.

   Unlike other illicit cryptocurrency mining operations, this one targeted servers rather than personal computers, which is why it went undetected long enough to earn some serious cash — $3.4 million as of this reporting.

Vulnerability of Jenkins servers

   The mining operation, which Check Point tracked to China, exploited a known vulnerability in Jenkins servers which allowed them to essentially ask the automation software to download and install the crypto-mining software.

   Though this mining operation didn’t target personal computers, Check Point speculates that its presence on these Jenkins servers could still have some negative effects for everyday people.

“The JenkinsMiner could negatively impact the servers, causing slower load times and even issuing a Denial of Service. Depending on the strength of the attack, this could prove to be very detrimental to the machines.” Check Point reports.

   While this kind of vulnerability might not be of concern to most people, it should definitely raise some eyebrows for web developers. It’s not the first time Jenkins servers have been exploited, and according to Bleeping Computer, exposed Jenkins servers pose a serious security risk to the web at large.

   Research from security expert Mikail Tunç, Bleeping Computer reports that the researcher detected 25,000 exposed and vulnerable Jenkins servers. These servers are vulnerable not only because of the known exploits which hackers can use to turn them to their own ends but because of their connection to the internet. Insulating a Jenkins server from the web would be a big step in the right direction.

   This cryptocurrency mining operation is just one of many similar operations, siphoning clock cycles to mine Monero or other cryptocurrencies. According to Bleeping Computer, illicit Monero mining is already seeing an enormous uptick in 2018, with no signs of slowing down.