Published 4 days ago • loading... • Updated 2 days ago

Illicit Crypto-Miners Pouncing on Insecure DevOps Tools

Security researchers at Wiz detected a campaign by attacker JINX-0132 exploiting exposed DevOps tools for illicit cryptocurrency mining in 2025.
The campaign exploits misconfigurations and vulnerabilities in HashiCorp Nomad, Consul, Gitea, and Docker APIs, often due to default or weak security settings.
JINX-0132 abuses public APIs to create multiple seemingly random services that download and run the open-source XMRig miner fetched directly from GitHub to avoid detection.
Wiz reports that 25% of cloud environments run these tools, 5% expose them publicly, and 30% of exposed deployments are misconfigured, putting up to a quarter of users at risk.
The campaign demonstrates that unsecured DevOps APIs allow remote code execution across connected nodes, highlighting the urgent need to patch, restrict access, and avoid exposing APIs publicly.

Insights by Ground AI

Does this summary seem wrong?

11 Articles

All

Left

Center

Right

The Register

Center

Illicit crypto-miners pouncing on insecure DevOps tools

: To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings

3 days ago

Read Full Article

Global Security Mag Online

Reposted by

Global Security Mag Online

Sysdig Research - Attacker Exploits Internet-Exposed IA Open WebUI Tool to Deploy Cryptominers – Global Security Mag Online

Sysdig's Threat Research (TRT) team recently discovered that a group of cybercriminals were exploiting a configuration flaw on Open WebUI - a very popular open source web interface (95,000 stars on GitHub), allowing to interact and improve AI models such as LLM – in order to infiltrate a client's server and deploy crypto-mining software. How? By taking advantage of admin access left open and without authentication on the Internet by mistake, cyb…

2 days ago

Read Full Article

DevOps.com

DevOps Tools Under Siege: New Cryptojacking Campaign Exploits Misconfigurations to Mine Cryptocurrency

Wiz Research uncovers the JINX-0132 cryptojacking campaign, which exploits DevOps tools through misconfigurations.

3 days ago

Read Full Article

IT Security News - cybersecurity, infosecurity news

Cryptojacking campaign relies on DevOps tools

A cryptojacking campaign is targeting exposed DevOps servers like Docker and Gitea to secretly mine cryptocurrency. Wiz researchers uncovered a cryptojacking campaign, tracked as JINX-0132, targeting exposed DevOps applications like Nomad, Consul, Docker, Gitea to secretly mine cryptocurrency. Threat actors behind the… Read more → The post Cryptojacking campaign relies on DevOps tools appeared first on IT Security News.

3 days ago

Read Full Article

CSO Online

Reposted by

InfoWorld

The high cost of misconfigured DevOps: Global cryptojacking hits enterprises

A massive ongoing cryptojacking operation is actively exploiting misconfigured DevOps tools, including Nomad, Consul, Docker, and Gitea, to hijack computing power for cryptocurrency mining, Wiz Threat Research revealed. Dubbed Jinx-0132 by researchers, the campaign has compromised systems globally with attackers deploying XMRig-based miners within minutes of breaching exposed APIs and weak configurations. This marks the first known case of attac…

3 days ago

Read Full Article

Malware Analysis, News and Indicators

Docker, HashiCorp, Gitea servers targeted in cryptojacking campaign

Misconfigurations expose DevOps tools to malicious deployment of XMRig. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enr…

3 days ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year