Cybercriminals hacked GitHub servers for crypto mining

Cybercriminals hacked GitHub servers for crypto mining

Attackers specifically target GitHub project owners with automated workflows that test incoming pull requests via automated jobs, Perdok explained. Virtual crypto-mining machines created with malicious code Once a malicious Pull Request is filed, GitHub’s systems read the attacker’s code and program a virtual machine that downloads and runs cryptocurrency mining software on GitHub’s infrastructure.

As Perdok explains, the original project owner doesn’t even need to approve the malicious Pull Request for the attack to work. Simply filing the Pull Request is enough. The attacker adds malicious GitHub Actions to the original code before filing a ‘Pull Request’ with the original repository. This merges the malicious code back into the original.

Though GitHub says is are investigating the problem, it appears that it is a difficult issue to resolve — the company is actively deactivating malicious accounts, though new ones are easily activated by users intending to abuse the firm’s servers. GitHub security engineer Justin Perdok told The Record that at least one person is targeting GitHub repositories in which GitHub Actions might be enabled.

Source interestingengineering.com So far, the attacks have not been damaging users’ projects in any way, and instead are focused on illicitly utilizing GitHub’s infrastructure for crypto mining. 

Perdok explained that he identified at least one account creating hundreds of malicious Pull Requests and the attacks appear to have been happening since at least November 2020, when it was reported by a French software engineer. Perdok told The Record that he has seen attackers spin up to 100 crypto-miners throughout the course of only one attack. Unsurprisingly, as crypto mining consumes more electricity globally than entire countries, this creates enormous computational loads for GitHub’s infrastructure.

The News Highlights

  • Cybercriminals hacked GitHub servers for crypto mining
  • Check the latest News news updates and information about business, finance and more.
Disclaimer: If you need to edit or update this news from compsmag then kindly contact us Learn more

For Latest News Follow us on Google News


Latest Headlines
  • Show all
  • Trending News
  • Popular By week
Apple event eleventh hour rumors

Apple event eleventh hour rumors

A Podcasts service might join Apple One: While Apple’s spring event will be primarily a hardware event, there might be some software and service on the way, ...
Update on Apple’s Digital Car top things to focus upon

Update on Apple’s Digital Car top things to focus upon

  At WWDC 2020, Apple introduced a new NFC-based digital Car Key feature that allows users to unlock and start their vehicle by holding a compatible iPhone ...
Weta Workshop reimagines Lara Croft with $ 1,500

Weta Workshop reimagines Lara Croft with $ 1,500

Publisher Square Enix released the Tomb Raider: Definitive Survivor Trilogy in March. It combines the Definitive Edition of the 2013 Tomb Raider reboot, Rise ...
Dublin will push for “healthy and fair” competition in corporate taxes

Dublin will push for “healthy and fair” competition in corporate taxes

Speaking at the same event, Pascal Saint-Amans, head of tax administration at the OECD, stressed the need for “tax peace” that would end the “race to the ...
Canadian Spirit Resources Inc. Announces 2020 Year-End Financial Results and Warrants Exercise TSX Venture Exchange: SPI

Canadian Spirit Resources Inc. Announces 2020 Year-End Financial Results and Warrants Exercise TSX Venture Exchange: SPI

  Average sales volumes of natural gas (mcf/d) – (all amounts are presented in Canadian dollars, unless otherwise indicated) SELECTED FINANCIAL DATA ...
Cannabis company interested in Canajoharie site

Cannabis company interested in Canajoharie site

Sheldon and Shelley — a property management specialist and an entrepreneur, respectively —  first laid eyes on the Exit 29 site, which is the former Beech-Nut ...
Leaders in diversity and mental health offer tips after Chauvin trial – Connecticut news

Leaders in diversity and mental health offer tips after Chauvin trial – Connecticut news

Following the killing of George Floyd in 2020, there was an outpouring of support from different races and backgrounds to offer support. “I think a lot of ...
OnePlus gaming trigger buttons works on both iOS and Android phones

OnePlus gaming trigger buttons works on both iOS and Android phones

After launching its first smartwatch weeks ago, OnePlus just teased a new phone accessory: physical clip-on buttons that act as shoulder triggers for ...
Spherix® Mineral Products Names  News Development Director

Spherix® Mineral Products Names News Development Director

Related Imagesmarcy-shay.jpg Marcy Shay Director of News Development, Spherix Mineral Products spherix-mineral-products-logo.png Spherix Mineral Products Logo ...
Stratasys conference call to discuss financial results for the first quarter of 2021

Stratasys conference call to discuss financial results for the first quarter of 2021

Source finance.yahoo.com (Bloomberg) — The unprecedented oil inventory glut that amassed during the coronavirus pandemic is almost gone, underpinning a ...
Show next
Compsmag - Latest News from tech, business and health
Logo