Cryptocurrency mining operations come in many different shapes and sizes. 0Running a profitable Bitcoin mining firm requires a lot of hardware and space. For altcoin mining, things are very different. Unfortunately, the Jenkins Miner is not a legitimate operation. Although it is the biggest of its kind, it’s 100% malicious. It also seems to be mining Monero first and foremost, with over $3m being raised already.
Criminals have taken a strong liking to cryptocurrencies. In most cases, they will attempt to trick users into giving up login credentials. Hacking exchanges is also becoming more popular as of late. The Jenkins miner, however, is a different creature altogether. It is suspected this is a Chinese operation designed to mine Monero. More specifically, it is a completely malicious mining operation. By actively spreading Monero mining malware, the owner of this botnet has enslaved thousands of computers already.
Monero has a Jenkins Miner Problem
If that wasn’t enough, the owner is now targeting the Jenkins CI server. If successful, he can effectively generate millions of Monero in very quick succession. Botnet mining is nothing new for this particular altcoin. In fact, it has been somewhat of a problem for several years now. There is nothing one can do about it, though. After all, this is a decentralized network where no one can “ban” specific users or IP addresses without consensus.
There is a vulnerability in the Jenkins Java implementation which can be exploited. It seems the hacker successfully did so already, although it remains to be seen if this is a successful operation. With the code being injected on the server, it is possible this mining operation will become a lot more profitable. Monero is one of the few currencies to be mined with non-ASIC hardware these days. In fact, most people can still mine XMR with just their CPU, albeit at a very slow rate.
Whether or not the Jenkins miner will pose a big threat, remains to be seen. We do know the server is currently mining Monero through different mining pools. Analysts discovered how over $3m worth of XMR has been collected already. That number will increase for some time to come. Especially with this Jenkins miner still active, the money will continue to flow in rather quickly. The malware used to infect this server and other computers has undergone multiple evolutions as well. Every new iteration is more powerful and sophisticated. A worrisome trend, to say the least.