According to a Tuesday report by The Hacker News, the Jenkins Script Console has been weaponized by malicious actors for illegal cryptocurrency mining. The report is based on findings that were recently published by prominent cybersecurity firm Trend Micro.
Jenkins is a popular open-source continuous integration (CI) server. Before Jenkins, developers would have to deal with irregular commits since many of them could possibly be based in different countries. This would cause major integration issues, and developers would find it challenging to complete a certain project efficiently. Jenkins makes it possible for developers to continuously develop their code.
Jenkins has a Groovy script console that allows developers to run arbitrary scripts within the controller or the agents that are connected to it. The feature is useful for troubleshooting and diagnostics. Notably, it is available to users only with administrative permissions.
According to Trend Micro, the script console feature can be potentially weaponized by bad actors who can take advantage of misconfigured servers. Those developers who run unpatched versions of Jenkins are also at risk of falling victim to cryptojackers.
As mentioned above, unauthorized users cannot gain access to the script console. However, misconfigured Jenkins deployments are a prime target for bad actors who mine cryptocurrencies.
Cryptojackers typically deploy a malicious script that kills off all processes that consume substantial CPU resources and then proceed to install malicious mining software.
Cryptojacking, which became rampant in 2018, remains a persistent threat. Earlier this year, a cryptojacker from Nebraska was indicted for defrauding cloud computing companies to earn roughly $1 million worth of crypto.