Hackers abuse GitHub servers to mine cryptocurrency
Attackers are currently abusing GitHub's servers to mine cryptocurrency. The malware apparently uses the tool to install crypto miners on the server infrastructure. GitHub is software for integration and delivery in software development processes, including the execution of recurring tasks.
Malware Reloads Cryptocurrency Miners
GitHub is currently investigating the attacks, according to reports on cyber intelligence portals. Evidently, the attacks target projects whose maintainers use workflows that also check incoming pull requests.
Poisoned Fork Triggers Attack On Pull Request
In the first step, the attackers create a fork of a repository that has GitHub activated. They inject malicious code into the forked version and then send a pull request to the maintainers of the repository to merge the code back. Unfortunately, the attack does not require the maintainers to agree to merge the malicious code.
After the malicious pull request is submitted, GitHub's network reads the attacker's code and apparently creates a virtual system that sets up the software for mining Bitcoin cryptocurrency on GitHub's own servers. According to security researchers, the attackers could place around 100 crypto miners with each attack, which puts a heavy load on GitHub's infrastructure. Apparently the attack is random and large-scale. In some cases, individual accounts are said to have created hundreds of pull requests with the malicious code.
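A maintainer-side triage check for the pattern described above, as an added example that is not part of the original article: it holds pull requests from forks that change workflow definitions and reports accounts that open many of them. The record fields, the threshold and the sample data are constructed for illustration; the only real name is `.github/workflows/`, the directory where GitHub keeps workflow files.

```python
from collections import Counter

WORKFLOW_DIR = ".github/workflows/"  # directory GitHub reads workflow files from


def touches_workflow(pr):
    """True if the pull request adds or edits a workflow definition."""
    return any(path.startswith(WORKFLOW_DIR) for path in pr["changed_files"])


def triage(pull_requests, burst_threshold=3):
    """Return (held, burst_authors).

    held: numbers of PRs that come from a fork and change workflow files,
          so automated runs should wait until a maintainer has read the diff.
    burst_authors: accounts that opened at least burst_threshold such PRs.
    """
    held = []
    per_author = Counter()
    for pr in pull_requests:
        if pr["from_fork"] and touches_workflow(pr):
            held.append(pr["number"])
            per_author[pr["author"]] += 1
    burst = sorted(a for a, n in per_author.items() if n >= burst_threshold)
    return held, burst


# Constructed sample records (hypothetical field names, not a GitHub API schema).
SAMPLE_PRS = [
    {"number": 101, "author": "alice", "from_fork": True,
     "changed_files": ["README.md"]},
    {"number": 102, "author": "acct-x", "from_fork": True,
     "changed_files": [".github/workflows/ci.yml"]},
    {"number": 103, "author": "acct-x", "from_fork": True,
     "changed_files": [".github/workflows/ci.yml", "run.sh"]},
    {"number": 104, "author": "maintainer", "from_fork": False,
     "changed_files": [".github/workflows/ci.yml"]},
    {"number": 105, "author": "acct-x", "from_fork": True,
     "changed_files": [".github/workflows/build.yml"]},
    {"number": 106, "author": "bob", "from_fork": True,
     "changed_files": [".github/workflows/lint.yml"]},
]

if __name__ == "__main__":
    held, burst = triage(SAMPLE_PRS)
    print("hold for maintainer review:", held)
    print("accounts with repeated workflow-changing PRs:", burst)
```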