Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Github services is under investigation after a series of reports on attacks against one of its infrastructures by running unauthorized crypto mining apps. Cybercriminals allegedly exploited some security flaws that could have been exploited to mine cryptos illicitly.
Attacks Exploit âGithub Actionsâ
According to The Record, a Dutch security engineer, Justin Perdok, detected a cyberattacker targeting repositories belonging to Github. Attacks have been taking place since November 2020, said the report.
Perdok pointed out that the series of attacks âabused a Github feature called Github Actions,â which allows users to automatically execute workflows and tasks only when a specific event happens and then pull the trigger on the repositories.
That said, threat actors are taking advantage of the repositories where Github Actions are already enabled. The Record provided details on how the attack takes place:
The attack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then filing a Pull Request with the original repository in order to merge the code back into the original.
However, the engineer clarified that the attacker just needs to fill the âPull Requestâ to deploy the malicious workflows. Once itâs loaded, Githubâs systems will be cheated, as it will read the attackerâs code and then download a crypto-mining software automatically.
100 Crypto Mining Apps Deployed in One Single Attack
But the malicious campaign seems to be powerful than thought, as Perdok told The Reported that he already detected hackers deploying almost 100 crypto-mining apps â such as Srbminer â in one single attack to mine multiple cryptocurrencies.
Still, the attack seems not to pose a danger to the usersâ projects on the platform.
Github already commented on the matter, saying that theyâre aware of the issue and âare actively investigating.â However, Perdok stated Github provided him that same comment last year when he reported the flaw.
What do you think about this flaw in Githubâs infrastructure? Let us know in the comments section below.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.