Hackers target Github server infrastructure to mine cryptocurrency

Github services are under investigation after a series of reports of attacks on one of their infrastructures by running unauthorized crypto mining apps. Cybercriminals would take advantage of some vulnerabilities that could be exploited to illegally mine crypto. Attacks Abuse "Github Actions" According to The Record, Dutch security engineer Justin Perdok discovered a cyber attacker targeting Github repositories. According to the report, there have been attacks since November 2020. Perdok stated that the attack sequence takes advantage of a "Github feature called Github Actions" that allows users to automatically run workflows and tasks when a certain event occurs and then pull the trigger. in warehouses. However, threat actors take advantage of repositories where Github actions are already enabled. The record details how the attack happened: The attack involves making changes to a legitimate repository, adding malicious GitHub actions to the original code, and then submitting a Pull Request to the original repository. to reassemble the code with the original. However, the engineer made it clear that the attacker only had to enter a "Request to Pull" to implement malicious workflows. Once installed, Github's systems are tricked into reading the attacker's code and then automatically downloading the crypto mining software. 100 Crypto Mining Applications Placed In A Single Attack But Perdok has already detected hackers who distribute almost 100 crypto mining apps like Srbminer in a single attack to mine several cryptocurrencies, according to the report, the malicious campaign looks stronger than expected. . Still, the attack does not appear to endanger user projects on the platform. Github has already commented on the issue, saying they are aware of the issue and are "actively investigating". However, Perdok said Github gave him the same comment last year. Read more

Join the Discussion

Back to top