Following a series of reports of attacks that run unauthorized crypto mining applications on its infrastructure, the GitHub service is under investigation. Cybercriminals are said to have exploited security vulnerabilities that can be used to mine cryptocurrency illegally.

Attack using “GitHub Actions”

According to The Record, Dutch security engineer Justin Perdok discovered a cyber attacker targeting a GitHub repository. The report says the attacks have been occurring since November 2020.

Perdok pointed out that this series of attacks “abuses a GitHub feature called GitHub Actions,” which lets users automatically run tasks and workflows when certain events occur in a repository.

In other words, threat actors are using repositories that have GitHub Actions enabled. The report details how the attack occurred:

The attack involves forking a legitimate repository, adding a malicious GitHub Action to the original code, and then submitting a pull request to the original repository to merge the code back into it.

However, the engineer clarified that the attacker only needs to file a pull request to deploy a malicious workflow. Once it is loaded, GitHub's systems are deceived: they read the attacker's code and then automatically download the cryptocurrency mining software.
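For repository maintainers, the pattern described above (a pull request from a fork that adds or edits a workflow) can be checked for mechanically. The following is an added example, not code from the report or from GitHub; the field names follow GitHub's REST API responses for pull requests and pull request files, and the sample data is constructed.

```python
"""Flag fork pull requests that add or change GitHub Actions workflow files."""
from pathlib import PurePosixPath

WORKFLOW_DIR = ".github/workflows"
WORKFLOW_EXTS = {".yml", ".yaml"}


def is_workflow_file(path):
    """True for YAML files directly under .github/workflows/."""
    p = PurePosixPath(path)
    return str(p.parent) == WORKFLOW_DIR and p.suffix.lower() in WORKFLOW_EXTS


def is_from_fork(pr):
    """True when the head branch lives in a different repository than the base."""
    head_repo = pr["head"].get("repo")  # None if the fork was deleted
    if head_repo is None:
        return True  # origin unknown: treat as untrusted
    return head_repo["full_name"] != pr["base"]["repo"]["full_name"]


def workflow_changes(files):
    """Workflow paths a PR adds, modifies, or renames into place."""
    hits = []
    for f in files:
        if f["status"] != "removed" and is_workflow_file(f["filename"]):
            hits.append(f["filename"])
    return sorted(hits)


def needs_review(pr, files):
    """Return touched workflow paths if the PR comes from a fork, else []."""
    return workflow_changes(files) if is_from_fork(pr) else []


# Constructed sample data (not taken from a real repository).
FORK_PR = {"number": 101,
           "head": {"repo": {"full_name": "outsider/project"}},
           "base": {"repo": {"full_name": "owner/project"}}}
FORK_FILES = [{"filename": "README.md", "status": "modified"},
              {"filename": ".github/workflows/ci.yml", "status": "modified"},
              {"filename": ".github/workflows/build.yaml", "status": "added"}]
SAME_REPO_PR = {"number": 102,
                "head": {"repo": {"full_name": "owner/project"}},
                "base": {"repo": {"full_name": "owner/project"}}}

if __name__ == "__main__":
    for pr, files in ((FORK_PR, FORK_FILES), (SAME_REPO_PR, FORK_FILES)):
        print(pr["number"], needs_review(pr, files))
```

A non-empty result is a signal to hold the pull request for manual review of the workflow change before any automation runs on it.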

100 crypto mining applications can be deployed in one attack

Perdok told The Record that the attack appears to be stronger than expected. He has observed attackers deploying nearly 100 crypto mining applications (such as SRBMiner) to mine multiple cryptocurrencies in a single attack.

Nevertheless, the attack does not seem to pose a danger to user projects on the platform.

GitHub has already commented on the matter, saying that it is aware of the issue and is “actively investigating.” However, Perdok said that GitHub gave him the same response when he reported the vulnerability last year.
