Security researchers have identified a sophisticated wave of cryptojacking attacks targeting publicly exposed API servers used by popular DevOps tools. A group tracked as JINX-0132 is compromising instances of applications such as Nomad, Consul, Docker, and Gitea to deploy cryptocurrency-mining software while evading detection through unusual methodologies. Separately, researchers found that instances of the AI tool Open WebUI exposed online were being abused to inject malicious crypto-mining scripts. These findings underline the evolution of cryptojacking tactics, which are becoming more advanced and more specifically targeted.
A key characteristic of JINX-0132's methodology is the seemingly deliberate avoidance of any unique, traditional identifiers that could be used by defenders as Indicators of Compromise.
Open WebUI was mistakenly exposed to the internet while also being configured to allow administrator access, a combination that attackers exploited.