- GitHub, which provides a CI/CD solution on its servers, faces the threat of attacks that use those servers to mine cryptocurrency
- A Dutch security engineer has warned that GitHub's servers are being attacked in this way
- Perdok, in his Twitter feed, has mentioned 95 vulnerable GitHub maintainer profiles that are at risk
GitHub Actions has recently been heavily abused by attackers trying to use GitHub's servers to mine cryptocurrency. GitHub's main role here is to provide its users with a CI/CD solution that automates software workflows and periodic task setups. In these attacks, malicious code is added to forks of legitimate repositories on the server, and the forked, overwritten code is then submitted as a Pull Request asking the repositories' maintainers to merge it and replace the original. This would completely change the original code into code that behaves as the attackers intend.
Dutch security engineer had warned about the attack in advance
These Pull Requests, however, do not need any action from the maintainer's end for the attacker to succeed. BleepingComputer recently pointed out that a process named npm.exe, an unknown crypto miner, had been observed on a FitLabs server, running with the attacker's wallet address. A security engineer at a Dutch company has recently reported that a malicious campaign is being run against GitHub to mine cryptocurrency on GitHub's servers; this is dangerous, and measures should be taken to prevent it. The attack affects only GitHub's servers, damaging its infrastructure by infecting them with malware that mines cryptocurrency for the attacker's benefit.
The attackers fulfil the Pull Request's purpose themselves
The attack works by first forking a legitimate GitHub repository, then adding malicious code to that forked, Actions-enabled repository. Finally, a Pull Request is generated asking the maintainers to merge the malicious code into the original. In a recent Twitter post, Perdok mentioned that over 95 legitimate GitHub repositories are being targeted. The twist is that the Pull Request sent to the maintainers does not actually require their permission; Perdok added that the attacker merely filing the request is enough to set the plan in motion.
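The defensive check a maintainer would want here is to spot pull requests from forks that change workflow files, and in particular workflows triggered by pull-request events, since those run before anyone merges. The example below is added here and is not code from the article or from GitHub; the `PullRequest` record shape is a constructed stand-in for whatever the reviewer's tooling exposes, and the YAML reading is deliberately minimal (top-level `on:` key only).

```python
import re
from dataclasses import dataclass

WORKFLOW_DIR = ".github/workflows/"
# Events that run a workflow when a PR is opened, i.e. before any maintainer merges it.
PR_EVENTS = {"pull_request", "pull_request_target"}


@dataclass
class PullRequest:
    """Constructed PR record for this example (not GitHub's API shape)."""
    number: int
    from_fork: bool
    changed_files: dict  # path -> proposed file content


def workflow_triggers(text):
    """Return the event names under a workflow's top-level 'on:' key.
    Minimal line-based reading: handles 'on: push', 'on: [a, b]' and the
    block form; it is not a full YAML parser."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*?)\s*$", line)
        if not m:
            continue
        inline = m.group(1)
        if inline:  # scalar or flow list on the same line as 'on:'
            return {e.strip() for e in inline.strip("[]").split(",") if e.strip()}
        events, indent = set(), None
        for child in lines[i + 1:]:
            if not child.strip():
                continue
            cur = len(child) - len(child.lstrip())
            if cur == 0:  # back at top level: the 'on' block has ended
                break
            indent = cur if indent is None else indent
            if cur == indent:  # direct children only, not nested keys
                key = re.match(r"^\s*-?\s*([A-Za-z_]+)", child)
                if key:
                    events.add(key.group(1))
        return events
    return set()


def triage(pr):
    """Flag fork PRs that touch workflow files, noting which would run on PR events."""
    findings = []
    if not pr.from_fork:
        return findings
    for path, content in pr.changed_files.items():
        if not path.startswith(WORKFLOW_DIR):
            continue
        hit = workflow_triggers(content) & PR_EVENTS
        note = f"runs on {sorted(hit)} before merge" if hit else "workflow change"
        findings.append(f"PR #{pr.number} from fork modifies {path}: {note}")
    return findings
```

Run `triage` over incoming PRs and route any finding to a human before the workflow is allowed to execute.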