Ars Technica reports on what may be one of the largest malware-driven currency mining operations, which has generated more than $3 million in cryptocurrency thus far:
The unknown criminals generated the windfall over the past 18 months. The campaign has mainly exploited critical vulnerabilities on Windows computers and then, once gaining control over them, installing a modified version of XMRig, an open-source application that mines the digital coin known as Monero. While the group has used a variety of mining services, it has continued to dump the proceeds into a single wallet. As of last week, the wallet had received payouts of almost 10,829 Monero, which, at current valuations, are worth more than $3.4 million.
“The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows and has already secured him over $3 million worth of Monero cryptocurrency,” researchers at security firm Check Point wrote in a blog post. “As if that wasn’t enough though, he has now upped his game by targeting the powerful Jenkins CI server, giving him the capacity to generate even more coins.”
The Jenkins Continuous Integration server is open-source software written in Java for deploying and automating all kinds of tasks. With more than 1 million users, it’s one of the most widely used open-source automation servers. In January, independent researcher Mikail Tunç estimated that as many as 20 percent of Jenkins servers are misconfigured in ways that make serious hacks possible. The compromises cause slower performance and potential denial-of-service failures on compromised machines.
That is an unreal amount of money generated from such an insignificant amount of work.