Hackers target Jenkins servers for cryptocurrency

News
By published

Hackers exploit continuous deployment servers to mine millions in Monero

Bitcoin cryptocurrency mining

A new cryptocurrency mining hack is targeting continuous deployment technology, tricking it into mining millions of dollars worth of Monero coins.

A hacker or hackers have exploited an existing security vulnerability in Jenkins servers - continuous deployment servers written in Java - to download and install a Monero miner called XMRig.

This vulnerability in the Jenkins Java deserialisation implementation, CVE-2017-1000353, means malicious content can be implanted into the server without requiring authentication. This has enabled hackers to install mining malware simply by sending two requests to the CLI interface, according to security vendor Check Point's research team.

As the researchers explain, these requests do two things to exploit the vulnerability. "The first is its capability object which informs the server of the capabilities of the client [computer]," they wrote. "The second meanwhile is the Command object which would contain the Monero payload."

Bitcoin-mining hackers hit government websites What is cryptocurrency mining? Bitcoin news: Major retailers offer support for bitcoin payments

A remotely-executed start command gets the malware running, and forces the victim's computer to mine Monero coins.

"The miner is capable of running on many platforms and Windows versions, and it seems like most of the victims so far are personal computers," the researchers said. "With every campaign, the malware has gone through several updates and the mining pool used to transfer the profits [has] also changed."

The hacker or hackers have reportedly mined over 10,800 Monero in the JenkinsMiner campaign, bringing them 2.3 million.

Check Point's team added: "As if that wasn't enough though, [the hacker] has now upped his game by targeting the powerful Jenkins CI server, giving him the capacity to generate even more coins."

This isn't the first time either that Jenkins servers have been exploited for malicious use. In January, security researcher Mikail Tunc found 25,000 Jenkins servers that were exposed to hackers.

Just last week a cryptocurrency mining attack hit official government websites, including the Student Loan Company in the UK, which would force unsuspecting visitors to mine cryptocurrencies for the hackers' benefit.

Rabbil Sikdar
More about cyber attacks
A CGI render of a warning symbol representing malware, sitting on an abstract computer surface. Decorative: the warning sign is glowing red and there is blue and yellow diffused light throughout.

What is an APT and how are they tracked?
Jeremy Fleming, former head of GCHQ, onstage with Haider Pasha, chief security officer, EMEA & LATAM at Palo Alto Networks at Ignite London 2025.

Businesses must get better at sharing cyber information, urges former GCHQ chief
Male software engineer working on a laptop at a home office desk with two PC monitors sitting on top of desk.

‘This shift highlights not just a continuation but a broad acceptance of remote work as the norm’: Software engineers are sticking with remote work and refusing to budge on RTO mandates – and 21% would quit if forced back to the office
See more latest
Most Popular
Male software engineer working on a laptop at a home office desk with two PC monitors sitting on top of desk.
‘This shift highlights not just a continuation but a broad acceptance of remote work as the norm’: Software engineers are sticking with remote work and refusing to budge on RTO mandates – and 21% would quit if forced back to the office
Ransomware concept image showing a warning symbol in red with binary code in background.
Healthcare systems are rife with exploits — and ransomware gangs have noticed
Application security concept image showing a digitized padlock placed upon a digital platform.
ESET looks to ‘empower’ partners with cybersecurity portfolio updates
Databricks logo and branding pictured on a MacBook Pro screen.
Databricks and Anthropic are teaming up on agentic AI development – here’s what it means for customers
Dell Technologies logo and branding pictured at the company's stall at Mobile World Congress (MWC) in Barcelona, Spain.
Scale of Dell job cuts laid bare as firm sheds 10% of staff in a year
Male employee sitting at a desk working on a laptop with earphones in and books scattered on desk.
Employees want purpose, and they’re willing to quit to find it – upskilling, career growth, and work-life balance have shifted priorities for workers
NHS logo displayed on a smartphone screen in white lettering on a blue background.
NHS supplier hit with £3m fine for security failings that led to attack
OpenAI logo and branding pictured at Mobile World Congress 2024 in Barcelona, Spain.
OpenAI announces five-fold increase in bug bounty reward
Digital handshake concept with Hand shake between two businessmen with digital hand
SYSPRO appoints Josef Al-Sibaie to spearhead global expansion
ChatGPT logo and branding pictured in white coloring against a black backdrop.
DeepSeek and Anthropic have a long way to go to catch ChatGPT: OpenAI's flagship chatbot is still far and away the most popular AI tool in offices globally