Hackers abuse GitHub servers to mine cryptocurrency
Attackers are currently using GitHub to abuse servers to mine cryptocurrency. The malware apparently instrumentalized the tool in order to install crypto miners on the server infrastructure. GitHub is software for integration and delivery to software processes, including for the execution of recurring tasks.
Malware Reloads Cryptocurrency Miners
GitHub is currently investigating the attacks, according to a report in the cyber intelligence portals. Obviously, there are targeted plans under attack whose maintainers use workflows that also check incoming pull requests.
Poisoned Fork Triggers Attack On Pull Request
In the first step, the attackers create a fork from repository that has GitHub activated. They inject malicious code into the forked version and then send a pull request to the maintainers of the repository to merge the code back. Unfortunately, the attack does not require the consent of the maintainer to merge the malicious code.
After the malicious pull request, GitHub's network reads the attacker code and apparently creates a virtual system that sets up the software for mining Bitcoin cryptocurrency on GitHub's own servers. According to security researchers, the attackers could place around 100 crypto miners with each attack, which puts a heavy load on GitHub's infrastructure. Apparently the attack is random and large-scale. In some cases, individual accounts would have created hundreds of pull requests with the malicious code.
The attacks have been in progress at least since November, a French scientist had reported it first. GitHub spokesmen had told the platforms that the company was investigating the incidents and taking action. So far, the tactic has not been prevented: the attackers would have always registered new accounts as soon as the old ones were caught spreading the malware and suspended. The current damage is that the attackers are misappropriating GitHub's infrastructure. Projects of affected users do not seem to be harmed.
The contents of this article are for informational purposes only and are not investment advice.
Comments