Github Actions Would Prevent Hackers To Use Github Projects For Cryptomining

Github

Microsoft’s developer platform GitHub is looking for a way with which functions do not have to be restricted, but the offer can no longer be abused by attackers for crypto mining.

Corresponding attacks have occurred several times since last autumn, reports The Record. The focus was on a feature called GitHub Actions, which allows users to automate tasks that occur regularly. This was used here to smuggle foreign code into repositories without the actual developers noticing this directly.

The attackers created a fork of the original project and integrated the malicious code into it. Using a pull request, they then brought it back together with the original code. This was possible without the actual operator of the project has to give consent.

Earlier: Github Faces Backlash After Firing Jewish Employee

However, this was not made possible by a security gap that would have been caused by the operator of the platform. Rather, the operators of the respective development projects had created GitHub Actions scripts themselves, with which code was automatically fetched under certain conditions. That could now be used to smuggle in malicious code.

Damage Is Only To Github

The attackers didn’t dwell long hoping that the software in question would eventually end up on users’ computers and be used for crypto-mining. Instead, the routines were implemented in such a way that GitHub itself started a virtual machine in the Microsoft cloud, which then did the corresponding task.

The GitHub team has known this procedure for some time, according to its own information. However, there is currently no final solution. Since the attacks do not represent any direct damage to the development projects, but “only” target the GitHub infrastructure, they have so far limited themselves to finding and deactivating the attackers’ accounts that appear again and again, instead of shutting down entire features.

Leave a Reply

Your email address will not be published. Required fields are marked *