Just when organizations thought their servers were secure, at least from malware running on them, here is news of hackers getting access to GitHub's servers to mine cryptocurrencies. In the crypto world this is known as crypto-jacking.
- Who: GitHub.com (a software version control platform using git)
- How long has it been going on: Since the fall of 2020
- What functionality was abused: GitHub Actions
- What was the exploit: When a certain event happens in a GitHub repo (e.g. a pull request), GitHub Actions allows users to execute workflows and tasks automatically.
- Implications: Hackers could potentially run up to 100 threads, which causes a huge server overload. There are no known threats to GitHub users, only to GitHub's infrastructure.
- How was it detected: Security analysts found some users with hundreds of pull requests in a short span of time, and these contained some malicious code.
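The detection signal in the last bullet (one account opening hundreds of pull requests in a short span) can be checked with a per-author sliding-window count. This is an added example, not code from GitHub or the linked write-ups; the threshold, window, account names and events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def flag_pr_bursts(events, threshold=100, window=timedelta(hours=1)):
    """Return {author: peak PR count} for authors who opened at least
    `threshold` pull requests inside any sliding `window`.

    events: iterable of (iso_timestamp, author) tuples, in any order.
    threshold and window are assumed tuning values, not from the article.
    """
    recent = defaultdict(deque)  # author -> PR timestamps still inside the window
    peak = defaultdict(int)      # author -> largest in-window count seen so far
    for ts, author in sorted((datetime.fromisoformat(t), a) for t, a in events):
        q = recent[author]
        q.append(ts)
        # Drop PR openings that have aged out of the sliding window.
        while ts - q[0] >= window:
            q.popleft()
        peak[author] = max(peak[author], len(q))
    return {a: n for a, n in peak.items() if n >= threshold}


def sample_events():
    """Constructed sample data (not real GitHub logs)."""
    start = datetime(2021, 1, 1, 12, 0, 0)
    events = []
    # Burst: 150 PRs, one every 10 seconds (about 25 minutes in total).
    events += [((start + timedelta(seconds=10 * i)).isoformat(), "burst-account")
               for i in range(150)]
    # Ordinary contributor: 5 PRs, one every 4 hours.
    events += [((start + timedelta(hours=4 * i)).isoformat(), "regular-dev")
               for i in range(5)]
    # High total volume but slow: 120 PRs, one every 6 hours.
    events += [((start + timedelta(hours=6 * i)).isoformat(), "busy-bot")
               for i in range(120)]
    return events


if __name__ == "__main__":
    print(flag_pr_bursts(sample_events()))
```

Counting inside a window rather than in total is what separates the burst account from the slow high-volume one.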
Links and More
Read the story here.
Link to technical write-up on this story here.
Link to GitHub's automated workflow and how it works.