Attackers Find a New Way to Install Cryptominers
This year in June, F5 researchers found a new malware campaign exploiting a Jenkins dynamic routing vulnerability to install a cryptominer.
F5 explained that the vulnerability lets attackers bypass specific access control lists and leverage Groovy plugin metaprogramming to download and remotely execute a malicious cryptominer.
The cryptominer consumes valuable computing resources, raising bills and slowing performance. For enterprise applications, it could mean hundreds and thousands of dollars in bills and lost revenue due to the performance hit.
F5 suggests the following steps to protect users: implement web fraud protection to detect customers logging into your applications with infected clients designed to engage in fraud; notify your clients of the malware you detected on their system while logging into your application (which can result in them being blocked from carrying out a transaction), so they can take steps to clean their systems; and provide security awareness training to employees and clients.