A hacker group has made over $3 million by breaking into Jenkins servers and installing malware that mines the Monero cryptocurrency. Hackers are targeting Jenkins, a continuous integration/deployment web application built in Java that allows dev teams to run automated tests and execute various operations based on test results, including deploying new code to production servers.
Because of this, Jenkins servers are extremely popular with both freelance web developers and large enterprises. On Friday, Israeli security firm Check Point announced that it had uncovered the footprint of a large hacking operation targeting Jenkins servers left connected to the Internet.
Attackers were leveraging CVE-2017-1000353, a vulnerability in the Jenkins Java deserialization implementation that allows attackers to run malicious code remotely without needing to authenticate first. Check Point says hackers used this vulnerability to make Jenkins servers download and install a Monero miner (minerxmr.exe).
The miner was being downloaded from an IP address located in China and assigned to the Huaian government network. It is unclear if this is the attacker’s server, or a compromised server used to host the miner on behalf of the hackers.
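For defenders, the chain described above (the Jenkins Java process ending up as the ancestor of minerxmr.exe) can be hunted for in process-creation telemetry. The Python code below is an added example, not taken from the article or from Check Point's report; the event field names, PIDs, paths and the `jenkins.war` command-line match are assumptions, and the sample events are constructed.

```python
import ntpath  # parses Windows-style paths on any OS

MINER_NAME = "minerxmr.exe"  # file name reported in the article

# Constructed sample process-creation events, not real incident data.
# Field names, PIDs and paths are assumptions made for this example.
EVENTS = [
    {"pid": 400, "ppid": 4, "image": r"C:\Windows\System32\services.exe", "cmd": "services.exe"},
    {"pid": 1200, "ppid": 400, "image": r"C:\Java\bin\java.exe", "cmd": "java -jar jenkins.war"},
    {"pid": 2310, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd /c build.bat"},
    {"pid": 2388, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd /c <placeholder>"},
    {"pid": 2402, "ppid": 2388, "image": r"C:\Windows\Temp\minerxmr.exe", "cmd": "minerxmr.exe"},
    {"pid": 3000, "ppid": 900, "image": r"C:\Users\dev\Downloads\MinerXMR.exe", "cmd": "MinerXMR.exe"},
]

def name(ev):
    """Lower-cased file name of the process image."""
    return ntpath.basename(ev["image"]).lower()

def is_jenkins(ev):
    # Assumption: Jenkins runs as a java process started with jenkins.war.
    return name(ev) in ("java.exe", "javaw.exe") and "jenkins.war" in ev["cmd"].lower()

def ancestry(pid, by_pid):
    """Return the event chain from pid up to the oldest known ancestor."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against PID-reuse loops
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return chain

def find_miner(events):
    """Flag every execution of the miner and note whether Jenkins is an ancestor."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        if name(ev) != MINER_NAME:
            continue
        chain = ancestry(ev["pid"], by_pid)
        findings.append({
            "pid": ev["pid"],
            "from_jenkins": any(is_jenkins(a) for a in chain[1:]),
            "chain": [name(a) for a in chain],
        })
    return findings

if __name__ == "__main__":
    for f in find_miner(EVENTS):
        origin = "jenkins-spawned" if f["from_jenkins"] else "other origin"
        print(f["pid"], origin, " <- ".join(f["chain"]))
```

A finding with `from_jenkins` set ties the miner to the Jenkins service, which is the case the article describes; hits with another origin still warrant triage.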
The attackers have been active for months. This has allowed them to mine and already cash out over 10,800 Monero, which is over $3.4 million, at the time of writing. Read more from bleepingcomputer.com…