The malware targets publicly accessible Jenkins servers with weak credentials to build a botnet that can overwhelm Valve Source Engine game servers with traffic.
Attack Vector and Exploitation
A new piece of DDoS malware is targeting unsecured Jenkins instances to build a botnet aimed at Valve Source Engine game servers. The malware scans for Jenkins environments with weak or default credentials, then exploits a known vulnerability (CVE-2024-23897) to gain initial access. Once inside, it deploys a loader that communicates with a command-and-control server to receive further instructions.
After establishing control, the malware downloads and executes a distributed denial-of-service tool specifically designed to flood Valve Source Engine servers. These servers power popular multiplayer games like Counter-Strike and Team Fortress. The attack traffic is crafted to exhaust server resources, causing lag or complete outages for players.
Impact and Scope
Thousands of publicly accessible Jenkins instances remain vulnerable to this attack method. The malware turns compromised Jenkins servers into powerful DDoS nodes, amplifying the scale of attacks against gaming infrastructure. Operators of Valve Source Engine game servers are at heightened risk, as the botnet can target multiple servers simultaneously.
Organizations running Jenkins should immediately audit their instances for exposure, apply patches for CVE-2024-23897, and enforce strong authentication. Game server administrators should monitor for unusual traffic patterns and consider rate limiting Source Engine query protocols. The full extent of ongoing attacks remains under investigation by security researchers.
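One way to implement the query rate limiting suggested above, shown as an added example (not code from the cited report or from Valve). The request type bytes follow Valve's public server query documentation; the class names, limits and the idea of pairing a per-source budget with a global one are assumptions made for illustration.

```python
"""Per-source and global token buckets for Source Engine (A2S) query datagrams."""

# Every A2S request starts with 0xFFFFFFFF followed by one type byte.
A2S_HEADER = b"\xff\xff\xff\xff"
A2S_TYPES = {0x54: "A2S_INFO", 0x55: "A2S_PLAYER", 0x56: "A2S_RULES"}


def classify(payload):
    """Return the query name, or None when the datagram is not an A2S query."""
    if len(payload) < 5 or payload[:4] != A2S_HEADER:
        return None
    return A2S_TYPES.get(payload[4])


class Bucket:
    def __init__(self, rate, burst, now=0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def take(self, now):
        """Refill for the elapsed time, then spend one token if available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True


class QueryLimiter:
    """Limits are assumptions; tune them to the server's real query volume."""

    def __init__(self, ip_rate=2.0, ip_burst=5, global_rate=100.0,
                 global_burst=200, max_sources=10000):
        self.ip_rate, self.ip_burst = ip_rate, ip_burst
        self.max_sources = max_sources      # bounds memory under spoofed floods
        self.per_ip = {}
        self.total = Bucket(global_rate, global_burst)

    def allow(self, src_ip, payload, now):
        """True if the datagram should reach the game server."""
        if classify(payload) is None:
            return True                     # gameplay traffic is not limited here
        bucket = self.per_ip.get(src_ip)
        if bucket is None and len(self.per_ip) < self.max_sources:
            bucket = self.per_ip[src_ip] = Bucket(self.ip_rate, self.ip_burst, now)
        if bucket is not None and not bucket.take(now):
            return False                    # this source exceeded its own budget
        return self.total.take(now)         # spoofed sources still share one budget
```

`now` is passed in so the logic can be replayed against captured traffic; a live filter would pass `time.monotonic()`.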
Source: Cyber Security News

