New Crypto-Jacking Attacks Target DevOps and AI Infrastructure

News Room, published 24 June 2025 (last updated 2025/06/24 at 4:59 AM)
Security researchers at Wiz have uncovered a sophisticated crypto-jacking attack targeting publicly accessible API servers for several popular DevOps tools. Separately, researchers at Sysdig have uncovered an attack on the popular AI tool Open WebUI that uses many of the same techniques and the same crypto-miners.

Wiz Threat Research writes about how the threat actor, designated JINX-0132, has systematically compromised exposed instances of Nomad, Consul, Docker, and Gitea applications to deploy cryptocurrency mining software. The attack appears to escalate cryptojacking tactics, with attackers deliberately avoiding traditional attack signatures that security teams typically monitor. “A key characteristic of JINX-0132’s methodology is the seemingly deliberate avoidance of any unique, traditional identifiers that could be used by defenders as Indicators of Compromise,” explained researchers Gili Tikochinski, Danielle Aminov, and Merav Bar from Wiz Threat Research. “Instead of utilising attacker-controlled servers for payload delivery, they download tools directly from public GitHub repositories.”

A separate but related incident analysed by Sysdig researchers demonstrates how AI infrastructure has also become a target for crypto-jacking operations. The Sysdig Threat Research Team recently observed an attacker exploiting a misconfigured Open WebUI instance, a popular self-hosted AI interface with 95,000 GitHub stars. “Open WebUI was mistakenly exposed to the internet while also being configured to allow administrator access,” explained researchers Miguel Hernandez and Alessandra Rizzo from Sysdig. The attackers uploaded a malicious AI-generated Python script through Open WebUI’s plugin system, which then downloaded T-Rex and XMRig crypto-miners alongside sophisticated defence evasion tools.

Open WebUI servers found connected to the Internet, image courtesy of Sysdig

The research reveals that cryptojacking attacks have evolved significantly beyond traditional methods. Whilst many campaigns still rely on email phishing and malicious links that automatically download crypto-mining software (often embedded in JavaScript), this attack specifically targets infrastructure misconfiguration to install well-known open-source software. This “living-off-open-source” approach makes detection particularly challenging for cybersecurity teams, as the attackers use legitimate, publicly available tools rather than custom malware. The threat actors deploy standard release versions of the XMRig cryptocurrency mining software, which connects to public Monero mining pools and is monetised through a wallet controlled by the attacker.

The Wiz report notes that the scale of compromised infrastructure is startling, with some affected Nomad instances managing hundreds of clients with combined computing resources that would cost tens of thousands of pounds monthly. The campaign highlights how even well-funded organisations can be vulnerable to basic security misconfigurations. Sysdig’s analysis revealed that over 17,000 Open WebUI instances are currently exposed to the internet, highlighting the widespread risk of misconfigured AI tools.

Going into detail on the attack vectors used for each platform, the researchers explain how HashiCorp Nomad, a container orchestration platform, allows any user with API access to create and execute jobs, effectively providing remote code execution capabilities if not correctly locked down. The attackers exploit this default behaviour to submit malicious jobs with random service names, though they consistently use offensive language for task group definitions. In HashiCorp Consul deployments, attackers abuse the service health check functionality to execute arbitrary commands. Docker API instances, when exposed without authentication, provide attackers with root-level access to create containers and mount host filesystems. Gitea instances become vulnerable through various attack vectors, including post-authentication remote code execution vulnerabilities, unlocked installation wizards, and misconfigurations in git hook permissions.

According to Wiz data, approximately 25% of cloud environments run at least one of the targeted technologies, with HashiCorp Consul being the most prevalent in over 20% of environments. Amongst organisations using these tools, 5% expose them directly to the internet, and 30% of those exposed deployments contain security misconfigurations that could enable similar attacks.

XMRig has become the cryptocurrency miner of choice for numerous attacks targeting other widely used infrastructure tools. The recent RedisRaider attack has exploited internet-exposed Redis servers to deploy XMRig, using custom scanning logic to identify vulnerable instances before injecting cron jobs to maintain persistence, whilst the Commando Cat attack also focused on exposed Docker API endpoints similarly to JINX-0132. Kubernetes instances have also been compromised through attacks that create actor-controlled GitHub accounts with repositories containing GitHub Actions to run mining operations, and in 2021 GitHub changed the behaviour of GitHub Actions to prevent these crypto-jacking attacks. Attackers have also exploited popular CI/CD platform Jenkins through various methods, including the JenkinsMiner campaign, and more recent attacks that weaponise the Jenkins Script Console for cryptomining activity if it’s not configured properly.

The article concludes by explaining how organisations can defend against these attacks, mainly by implementing proper access controls and authentication. For Nomad deployments, enabling Access Control Lists (ACLs) would prevent unauthorised job execution. Consul instances should disable script checks and restrict HTTP API access to localhost where possible. Docker APIs should never be exposed to the internet without proper authentication, and Gitea instances require regular updates and careful configuration of git hook permissions.
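The attack vectors described above and the corresponding defences map onto a handful of agent settings. The following audit script is an added example, not code from the Wiz or Sysdig reports or from HashiCorp, Docker or Gitea; it loads the JSON form of a Nomad agent config, a Consul agent config and a Docker `daemon.json` and flags the weak settings the article names (Nomad ACLs disabled, Consul script checks enabled or its HTTP API bound beyond localhost, a Docker TCP listener without TLS client verification). The configuration keys (`acl.enabled`, `enable_script_checks`, `client_addr`, `addresses.http`, `hosts`, `tlsverify`) are the products' real keys; the sample configs, the `audit*` function names and the finding text are constructed for this example. Gitea's `app.ini` is not covered here.

```python
"""Audit Nomad, Consul and Docker agent configs for the misconfigurations
abused by the JINX-0132 campaign (added example, constructed sample configs)."""
import json
from typing import Callable, Dict, List

LOOPBACK = ("127.0.0.1", "localhost", "::1")


def audit_nomad(cfg: dict) -> List[str]:
    """Nomad runs any job submitted through its API; without ACLs that is RCE."""
    if not cfg.get("acl", {}).get("enabled", False):
        return ["nomad: ACLs disabled, any API caller can submit and run jobs"]
    return []


def audit_consul(cfg: dict) -> List[str]:
    """Script health checks registered via the HTTP API run arbitrary commands,
    so script checks must stay off and the HTTP API should only listen on loopback."""
    findings = []
    if cfg.get("enable_script_checks", False):
        findings.append("consul: enable_script_checks is true, API-registered "
                        "health checks can execute arbitrary commands")
    # addresses.http overrides client_addr; Consul's default is loopback.
    http_addr = cfg.get("addresses", {}).get("http", cfg.get("client_addr", "127.0.0.1"))
    if http_addr not in LOOPBACK:
        findings.append(f"consul: HTTP API bound to {http_addr} rather than localhost")
    return findings


def audit_docker(cfg: dict) -> List[str]:
    """A TCP listener on the Docker API without client-certificate verification
    gives any remote caller root on the host via container creation and mounts."""
    findings = []
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not cfg.get("tlsverify", False):
            findings.append(f"docker: API listening on {host} without TLS client "
                            "verification, remote callers get root on the host")
    return findings


AUDITORS: Dict[str, Callable[[dict], List[str]]] = {
    "nomad": audit_nomad,
    "consul": audit_consul,
    "docker": audit_docker,
}


def audit(configs: Dict[str, str]) -> List[str]:
    """configs maps product name to the JSON text of its config file."""
    findings: List[str] = []
    for product, text in configs.items():
        findings.extend(AUDITORS[product](json.loads(text)))
    return findings


# Constructed sample configs: one set with the weak defaults the campaign
# relied on, one set hardened as the article recommends.
WEAK_CONFIGS = {
    "nomad": '{"datacenter": "dc1", "acl": {"enabled": false}}',
    "consul": '{"client_addr": "0.0.0.0", "enable_script_checks": true}',
    "docker": '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}',
}

HARDENED_CONFIGS = {
    "nomad": '{"datacenter": "dc1", "acl": {"enabled": true}}',
    "consul": ('{"client_addr": "127.0.0.1", "enable_script_checks": false, '
               '"enable_local_script_checks": true}'),
    "docker": ('{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"], '
               '"tlsverify": true, "tlscacert": "/etc/docker/ca.pem", '
               '"tlscert": "/etc/docker/server.pem", "tlskey": "/etc/docker/server-key.pem"}'),
}


if __name__ == "__main__":
    for label, configs in (("weak", WEAK_CONFIGS), ("hardened", HARDENED_CONFIGS)):
        print(f"== {label} ==")
        for finding in audit(configs) or ["no findings"]:
            print(" -", finding)
```

Running the script prints four findings for the weak set and none for the hardened one. In practice the same checks belong in a configuration-management test or a pre-deploy pipeline gate, so an agent cannot reach production with ACLs off or the Docker API listening in plaintext.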

Writing on LinkedIn, a poster from Matrix Sec Cyber Security summarises the issue:

The speed and flexibility DevOps provides can be a huge competitive advantage — but only when paired with strong security hygiene. Campaigns like JINX-0132 show that attackers aren’t necessarily using bleeding-edge exploits. They’re using our own missteps — and our own tools — against us.