GitHub Server Hacked to Mine Bitcoin and Other Cryptocurrencies

GitHub is investigating a series of reported attacks in which its infrastructure was abused to run unauthorized crypto-mining apps. Cybercriminals allegedly exploited some security flaws to mine cryptocurrencies illicitly.

Attacks Exploit ‘GitHub Actions’

According to The Record, a Dutch security engineer, Justin Perdok, detected a cyberattacker targeting repositories belonging to GitHub. The attacks have been taking place since November 2020, the report said.

Perdok pointed out that the series of attacks “abused a GitHub feature called GitHub Actions,” which lets users automatically execute workflows and tasks when a specific event occurs in their repositories.

Threat actors are taking advantage of repositories where GitHub Actions is already enabled. The Record provided details on how the attack takes place:

The attack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then filing a Pull Request with the original repository in order to merge the code back into the original.

However, the engineer clarified that the attacker only needs to file the “Pull Request” to deploy the malicious workflows. Once it is filed, GitHub’s systems are tricked: they read the attacker’s code and then automatically download crypto-mining software.
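A defender-side triage of the pull-request pattern described above, as an added example that is not taken from The Record's report or from GitHub. The `PullRequest` record, the `triage` function and its verdicts are hypothetical, and every indicator other than "srbminer" is an assumption.

```python
import re
from dataclasses import dataclass

# GitHub Actions loads workflow definitions from this directory.
WORKFLOW_PATH = re.compile(r"^\.github/workflows/[^/]+\.ya?ml$")
# "srbminer" is the miner named in the article; "xmrig" and the stratum
# pool URL scheme are assumptions added here as further examples.
MINER_HINTS = re.compile(r"srbminer|xmrig|stratum\+(?:tcp|ssl)://", re.IGNORECASE)


@dataclass
class PullRequest:
    """Hypothetical record a maintainer's tooling builds for each pull request."""
    number: int
    from_fork: bool
    added_lines: dict  # file path -> list of lines the pull request adds


def triage(pr):
    """Return (verdict, reasons); verdict is 'run', 'hold' or 'block'."""
    reasons = []
    for path, lines in pr.added_lines.items():
        # A fork that edits a workflow file changes what CI will execute.
        if WORKFLOW_PATH.match(path) and pr.from_fork:
            reasons.append(f"fork changes workflow {path}")
        for line in lines:
            hit = MINER_HINTS.search(line)
            if hit:
                reasons.append(f"miner indicator '{hit.group(0).lower()}' in {path}")
    if any(r.startswith("miner indicator") for r in reasons):
        return "block", reasons
    return ("hold" if reasons else "run"), reasons


# Constructed sample pull requests, not real data.
SAMPLES = [
    PullRequest(101, True, {"README.md": ["Fix typo in install steps"]}),
    PullRequest(102, True, {".github/workflows/ci.yml": ["      - run: make test"]}),
    PullRequest(103, True, {".github/workflows/build.yaml": ["      - run: ./srbminer"]}),
    PullRequest(104, False, {".github/workflows/ci.yml": ["      - run: make lint"]}),
]

if __name__ == "__main__":
    for pr in SAMPLES:
        print(pr.number, *triage(pr))
```

A "hold" verdict means the workflow should wait for a maintainer to review the change before CI runs it; "block" means the added lines already contain a mining indicator.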

But the malicious campaign seems to be more powerful than thought, as Perdok told The Record that he has already detected hackers deploying almost 100 crypto-mining apps – such as Srbminer – in a single attack to mine multiple cryptocurrencies.

Still, the attack does not appear to pose a danger to users’ projects on the platform.

GitHub has already commented on the matter, saying that they are aware of the issue and “are actively investigating.” However, Perdok said GitHub gave him the same comment last year when he reported the flaw.
