Attackers specifically target GitHub project owners with automated workflows that test incoming pull requests via automated jobs, Perdok explained.
Virtual crypto-mining machines created with malicious code
Once a malicious Pull Request is filed, GitHub’s systems read the attacker’s code and program a virtual machine that downloads and runs cryptocurrency mining software on GitHub’s infrastructure.
As Perdok explains, the original project owner doesn’t even need to approve the malicious Pull Request for the attack to work. Simply filing the Pull Request is enough. The attacker adds malicious GitHub Actions to the original code before filing a ‘Pull Request’ with the original repository. This merges the malicious code back into the original.
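
A maintainer-side triage check for the pattern described above, as an added example that is not from the original article or from GitHub: it flags pull requests that change workflow definitions and lists accounts that file many of them. Field names follow GitHub's REST API pull request and pull-request-files responses; the trust policy, threshold, function names and sample data are assumptions.

```python
from collections import Counter

WORKFLOW_DIR = ".github/workflows/"
TRUSTED = {"OWNER", "MEMBER", "COLLABORATOR"}  # assumption: maintainer's trust policy


def workflow_changes(files):
    """Return (filename, status) for each changed file tied to the workflow directory."""
    hits = []
    for f in files:
        # A rename can move a file into or out of the directory, so check both names.
        names = (f["filename"], f.get("previous_filename", ""))
        if any(n.startswith(WORKFLOW_DIR) for n in names):
            hits.append((f["filename"], f["status"]))
    return hits


def triage(pr, files):
    """Return the reasons a pull request should be held for manual review."""
    changed = workflow_changes(files)
    if not changed:
        return []
    reasons = ["changes workflow files: " + ", ".join(n for n, _ in changed)]
    repo = pr["head"]["repo"]  # null in the API when the fork has been deleted
    if repo is None or repo["fork"]:
        reasons.append("opened from a fork")
    if pr["author_association"] not in TRUSTED:
        reasons.append("author association is " + pr["author_association"])
    return reasons


def bulk_filers(prs_with_files, threshold=3):
    """Logins that filed at least `threshold` workflow-changing pull requests."""
    counts = Counter(pr["user"]["login"] for pr, files in prs_with_files
                     if workflow_changes(files))
    return sorted(login for login, n in counts.items() if n >= threshold)


# Constructed sample data (not taken from a real pull request).
SAMPLE_PR = {"user": {"login": "example-account"}, "author_association": "NONE",
             "head": {"repo": {"fork": True}}}
SAMPLE_FILES = [{"filename": ".github/workflows/ci.yml", "status": "modified"},
                {"filename": "README.md", "status": "modified"}]

if __name__ == "__main__":
    for reason in triage(SAMPLE_PR, SAMPLE_FILES):
        print("HOLD:", reason)
```
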
Though GitHub says it is investigating the problem, it appears to be a difficult issue to resolve: the company is actively deactivating malicious accounts, though new ones are easily activated by users intending to abuse the firm’s servers. GitHub security engineer Justin Perdok told The Record that at least one person is targeting GitHub repositories in which GitHub Actions might be enabled.
Source: interestingengineering.com
So far, the attacks have not been damaging users’ projects in any way, and instead are focused on illicitly utilizing GitHub’s infrastructure for crypto mining.
Perdok explained that he identified at least one account creating hundreds of malicious Pull Requests and the attacks appear to have been happening since at least November 2020, when it was reported by a French software engineer. Perdok told The Record that he has seen attackers spin up to 100 crypto-miners throughout the course of only one attack. Unsurprisingly, as crypto mining consumes more electricity globally than entire countries, this creates enormous computational loads for GitHub’s infrastructure.
The News Highlights
- Cybercriminals hacked GitHub servers for crypto mining