Github services is under investigation after a series of reports on attacks against one of its infrastructures by running unauthorized crypto mining apps. Cybercriminals allegedly exploited some security flaws that could have been exploited to mine cryptos illicitly.
Attacks Exploit ‘Github Actions’
According to The Record, a Dutch security engineer, Justin Perdok, detected a cyberattacker targeting repositories belonging to Github. Attacks have been taking place since November 2020, said the report.
Perdok pointed out that the series of attacks “abused a Github feature called Github Actions,” which allows users to automatically execute workflows and tasks only when a specific event happens and then pull the trigger on the repositories.
That said, threat actors are taking advantage of the repositories where Github Actions are already enabled. The Record provided details on how the attack takes place:
The attack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then filing a Pull Request with the original