cryptonight exploit

[Rinaldo DiGiorgio]

Hi,

  I just found the following in the process table on one of the servers I use.

root      1082     1  0 10:22 ?        00:01:29 /usr/bin/java -jar /opt/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log
root      3160  1082  0 12:10 ?        00:00:01 /bin/sh /tmp/kw.sh
root     10079  1082  0 19:02 ?        00:00:01 /bin/sh /tmp/kw.sh
root     11375  1082  0 19:38 ?        00:00:01 /bin/sh /tmp/kw.sh
root     11561  1082  0 19:40 ?        00:00:01 /bin/sh /tmp/kw.sh

I have performed a kill -STOP of this process root     18448 11561 63 20:49 ?        00:37:01 /tmp/kworker34 -a cryptonight -o stratum+tcp://185.154.52.74:8080 -u 12 -p x

Looks like a previously reported issue, upgrading to latest.

Rinaldo

[Baptiste Mathus]

It seems to match indeed https://twitter.com/jenkinsci/status/864178120827428864 i.e. using your machine to process bitcoin related things.

(Note: as always, providing your Jenkins version can help help you...)

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/82fd3ffe-01fe-4bba-97e6-f60e994401c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.