GitHub may have been infiltrated to run cryptominers


Security researchers have uncovered a massive cryptocurrency mining operation that abuses GitHub’s automated controls. According to reports, the popular open source code repository is “actively investigating” the reported incidents.

The attacks are reportedly targeted at GitHub repositories that have enabled a feature known as GitHub Actions. The feature is designed to automate the usual tasks that exist in all developer workflows. 

Speaking to The Record, Dutch security engineer Justin Perdok said the attackers are specifically looking for projects that test incoming pull requests via automated jobs to inject crypto mining software into GitHub’s cloud infrastructure.

Automated abuse

According to Perdok, the attacks can be traced back to at least November 2020, when they were first reported by a French developer.

Breaking down the attack, Perdok says the threat actors first fork a software repository and add malicious GitHub Actions to the original code. They then file a legitimate pull request asking to merge their changes to the master repository. 

Thanks to the automated processes, as soon as the pull request is filed, GitHub reads the malicious GitHub Actions code and spins up a virtual machine, which then downloads and runs cryptocurrency-mining software on GitHub’s infrastructure.

Perdok believes the attacks are happening at scale and has identified at least one account that’s actively creating hundreds of pull requests containing malicious code.
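A defender-side triage sketch for the pattern Perdok describes, added here as an example and not taken from the article, The Record or GitHub: it flags fork-originated pull requests that change workflow files under `.github/workflows/` and groups them by author to surface accounts filing them across many repositories. The record layout, the sample data and the `BULK_THRESHOLD` value are constructed assumptions.

```python
from collections import defaultdict

WORKFLOW_DIR = ".github/workflows/"  # directory GitHub Actions reads workflows from
BULK_THRESHOLD = 3                   # assumed cut-off for "filing at scale"

# Constructed sample records (not real data): one dict per open pull request.
SAMPLE_PRS = [
    {"repo": "org-a/lib", "number": 41, "author": "acct-x", "from_fork": True,
     "files": [".github/workflows/ci.yml", "README.md"]},
    {"repo": "org-b/tool", "number": 7, "author": "acct-x", "from_fork": True,
     "files": [".github/workflows/build.yaml"]},
    {"repo": "org-c/app", "number": 112, "author": "acct-x", "from_fork": True,
     "files": [".github/workflows/ci.yml"]},
    {"repo": "org-a/lib", "number": 42, "author": "acct-y", "from_fork": True,
     "files": ["src/parser.py"]},                  # fork PR, no workflow change
    {"repo": "org-a/lib", "number": 43, "author": "acct-z", "from_fork": False,
     "files": [".github/workflows/ci.yml"]},       # same-repo branch, not a fork
    {"repo": "org-b/tool", "number": 8, "author": "acct-w", "from_fork": True,
     "files": [".github/workflows/lint.yml"]},     # single fork PR, review by hand
]

def touches_workflows(pr):
    """True if the PR adds or edits a workflow definition."""
    return any(f.startswith(WORKFLOW_DIR) and f.endswith((".yml", ".yaml"))
               for f in pr["files"])

def triage(prs, bulk_threshold=BULK_THRESHOLD):
    """Return (flagged PRs, {author: repos} for authors at/above the threshold)."""
    flagged = [pr for pr in prs if pr["from_fork"] and touches_workflows(pr)]
    repos_by_author = defaultdict(set)
    for pr in flagged:
        repos_by_author[pr["author"]].add(pr["repo"])
    bulk = {author: sorted(repos) for author, repos in repos_by_author.items()
            if len(repos) >= bulk_threshold}
    return flagged, bulk

if __name__ == "__main__":
    flagged, bulk = triage(SAMPLE_PRS)
    for pr in flagged:
        print(f"review before running CI: {pr['repo']}#{pr['number']} by {pr['author']}")
    for author, repos in bulk.items():
        print(f"bulk workflow PRs from {author}: {', '.join(repos)}")
```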

In an email to The Record, GitHub acknowledged the attack, saying they are “aware of this activity and are actively investigating”. Reportedly, they said as much to the French developer last year, before deleting the pull requests from the offending account.

We hope that GitHub’s response this time is a bit more concrete and permanent instead of just zapping the malicious pull requests.

Via: The Record

Mayank Sharma
