Attackers exploit exposed Nomad, Docker, and Gitea instances to deploy XMRig miners within minutes, draining cloud resources and evading detection.
Credit: wee dezign / Shutterstock
A massive ongoing cryptojacking operation is actively exploiting misconfigured DevOps tools, including Nomad, Consul, Docker, and Gitea, to hijack computing power for cryptocurrency mining, Wiz Threat Research revealed.
Dubbed Jinx-0132 by researchers, the campaign has compromised systems globally with attackers deploying XMRig-based miners within minutes of breaching exposed APIs and weak configurations.
