According to U.Today, the script console of Jenkins, a popular open-source continuous integration (CI) server, has been exploited by malicious actors for illicit cryptocurrency mining. The news was reported on Tuesday by The Hacker News, based on findings from the cybersecurity firm Trend Micro. Jenkins is widely used by development teams to build and test their code continuously, so that integration problems surface early instead of accumulating between infrequent commits or across teams working in different countries.

The Jenkins platform includes a Groovy script console that lets a user run arbitrary scripts on the controller or on any of the agents connected to it. The feature is intended for troubleshooting and diagnostics and is restricted to users with administrative permissions. Trend Micro warns, however, that the console turns into a weapon in the hands of attackers who find a misconfigured server, for instance one that grants access to the console to unauthenticated users. Misconfigured instances, and those running unpatched versions of Jenkins, are the ones these cryptojackers go after.
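The misconfiguration in question is easy to test for from the outside. The following check is an added example written for this article, not code from Trend Micro, The Hacker News or the Jenkins project. It fetches the console page anonymously and reports whether Jenkins served the Groovy input form, bounced the client to the login page, or refused outright. The URL is a placeholder, and the assumption that an exposed console renders a form field named "script" is marked in the code.

```python
"""
Audit check: does a Jenkins controller serve its Groovy script console to an
unauthenticated client?  Added example, not code from the article, Trend Micro
or the Jenkins project.  Assumptions are marked below.
"""
import urllib.request
import urllib.error

SCRIPT_CONSOLE_PATH = "/script"   # the script console UI path

# Assumption: an exposed console page renders the Groovy input form, which
# contains a <textarea name="script">; a locked-down instance answers 403 or
# redirects the anonymous client to the login page instead.
CONSOLE_FORM_MARKER = 'name="script"'


def classify(status, body, final_url):
    """Classify the response to an anonymous GET of /script.

    Returns one of: "exposed", "login_required", "forbidden", "unexpected".
    """
    if status == 200 and CONSOLE_FORM_MARKER in body:
        return "exposed"                 # anonymous users can run Groovy here
    if status == 200 and "/login" in final_url:
        return "login_required"          # urllib followed a redirect to /login
    if status in (401, 403):
        return "forbidden"               # anonymous can read, but not administer
    return "unexpected"                  # not Jenkins, or a proxy in the way


def probe(base_url, timeout=10):
    """Fetch base_url + /script with no credentials and classify the result."""
    req = urllib.request.Request(
        base_url.rstrip("/") + SCRIPT_CONSOLE_PATH,
        headers={"User-Agent": "jenkins-console-audit"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return classify(resp.status, body, resp.geturl())
    except urllib.error.HTTPError as err:
        # 401/403 arrive as exceptions; the body and final URL are still available
        body = err.read().decode("utf-8", "replace")
        return classify(err.code, body, err.geturl())


if __name__ == "__main__":
    import sys
    # Hypothetical target; replace with a controller you are authorised to test.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://jenkins.example.internal:8080"
    print(target, "->", probe(target))
```

An "exposed" verdict means anyone who can reach the port can run Groovy on the controller; the fix is in the authorization settings, not in the console itself. A "forbidden" result is the normal state for an instance where anonymous users may browse but not administer.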

Cryptojackers typically deploy a malicious script that first terminates every process consuming substantial CPU, so that the miner has the machine to itself, and only then installs the mining software. Cryptojacking became widespread in 2018 and remains a significant threat: earlier this year, a man from Nebraska was indicted for defrauding cloud computing providers to mine approximately $1 million in cryptocurrency.

With Jenkins's security measures left in place, unauthorized users cannot reach the script console at all. Misconfigured Jenkins deployments, however, remain a prime target for actors mining cryptocurrency. The report underscores the importance of correct server configuration, above all keeping the console reachable only by administrators, and of running up-to-date Jenkins versions to mitigate the risk of cryptojacking.
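Configuration fixes the exposure going forward; a practitioner will also want to know whether the console has already been used. The following detection is an added example for this article, not code from Trend Micro or Jenkins. It scans an access log for requests to the console page and to its plain-text endpoint, rating anonymous hits highest since those indicate the misconfiguration itself. It assumes the controller writes an NCSA "combined" style access log with the authenticated user in the third field ("-" when anonymous); the log lines are constructed for the example, not real traffic.

```python
"""
Detection: flag requests to the Jenkins script console in an access log.
Added example, not code from the article, Trend Micro or Jenkins.  Assumes an
NCSA "combined" style access log with the authenticated user in the third
field ("-" when anonymous); adjust LINE_RE if your logger differs.
"""
import re

# The console UI path and the plain-text endpoint that executes a POSTed script.
CONSOLE_PATHS = ("/script", "/scriptText")

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log for the example; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [09/Jul/2024:10:16:01 +0000] "GET /job/build/1/console HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jul/2024:10:17:32 +0000] "GET /script HTTP/1.1" 200 9012 "-" "python-requests/2.31"
203.0.113.7 - - [09/Jul/2024:10:17:33 +0000] "POST /scriptText HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.0.5 - admin [09/Jul/2024:11:02:10 +0000] "POST /scriptText HTTP/1.1" 200 120 "-" "curl/8.4"
198.51.100.9 - - [09/Jul/2024:11:05:00 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def console_hits(log_text):
    """Return (severity, ip, user, method, path) for every console request.

    Anonymous ("-") access to the console is a misconfiguration by itself, so
    it is rated "high"; an authenticated POST still executes Groovy and
    deserves review, so it is "medium"; an authenticated GET is "info".
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                   # unparseable line, skip it
        path = m.group("path").split("?", 1)[0]        # drop any query string
        if path.rstrip("/") not in CONSOLE_PATHS:
            continue
        user, method = m.group("user"), m.group("method")
        if user == "-":
            severity = "high"
        elif method == "POST":
            severity = "medium"
        else:
            severity = "info"
        findings.append((severity, m.group("ip"), user, method, path))
    return findings


def anonymous_console_ips(log_text):
    """Source IPs that reached the console without authenticating, for triage."""
    return sorted({f[1] for f in console_hits(log_text) if f[0] == "high"})


if __name__ == "__main__":
    for finding in console_hits(SAMPLE_LOG):
        print("%-6s %-15s user=%-6s %s %s" % finding)
```

If the deployment's access logger does not record the user, every console hit should be treated as worth triage; the high-CPU process kills described above would then be the next thing to look for on the controller and agents.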