Articles Attackers use the GitHub server infrastructure for cryptomining

Attackers use the GitHub server infrastructure for cryptomining


The web service for hosting IT projects GitHub is investigating a series of attacks on its cloud infrastructure, in which cybercriminals use the company’s servers for illegal cryptocurrency mining operations.

The first attacks were recorded by a French programmer using the alias Tib in the fall of 2020. During the campaign, criminals use the GitHub Actions feature to automatically execute tasks and workflows after a specific event occurs in one of the user’s GitHub repositories.

Security analyst Justin Perdok reported that at least one attacker is attacking GitHub repositories with GitHub Actions enabled. The attack involves creating a fork of a legitimate repository, adding malicious GitHub Actions to the source code, and then sending a Pull Request from the original repository to merge the code back with the original.

The attack does not require approving a malicious change request, Perdock said. It is enough just to send a request. According to the specialist, attackers attack GitHub project owners with automated workflows that check incoming change requests using automated functions.

After submitting a malicious request, GitHub systems read the attacker’s code and launch a virtual machine that downloads and runs cryptocurrency mining software on the GitHub infrastructure. According to Perdock, the criminals launched about 100 cryptominers in a single attack, creating huge computational loads for the GitHub infrastructure.

GitHub reps are “aware of this activity and are actively investigating a malicious campaign,” however they said the same to a French programmer last year. It seems that the investigation does not interfere with the attacker, since the attacker simply registers new accounts as soon as the old ones are blocked by the service administration.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you