A vulnerability disclosed late last year has been exploited by malicious actors to deliver a piece of malware that deploys a Monero cryptocurrency miner and looks for new victims on the internet and the local network. According to the SANS Institute’s Internet Storm Center, the attacks involve CVE-2018-1000861, a vulnerability affecting the Stapler HTTP request handling engine, which is used by the Jenkins open source software development automation server. Jenkins developers informed users of the vulnerability and the availability of patches in December 2018, and warned that the flaw could be exploited for various purposes, including by unauthenticated attackers. An analysis of the attack revealed that hackers are exploiting the flaw to target Jenkins servers and download and execute a piece of malware tracked as Kerberods. Kerberods then downloads and executes a Monero cryptocurrency miner on the compromised system, which helps the cybercriminals behind the attack make a profit — one Monero (XMR) is currently worth roughly $68. It also leverages the compromised machine to look for other vulnerable Jenkins servers on the internet.