Hackers use GitHub servers to mine cryptocurrency
By Bob Garcia
A software engineer from France discovered the activity late last year
Hackers have long been a headache for many platforms, especially those that are based on monetary and high-value systems. This time, it seems that the GitHub cloud was used by hackers with the intention of covertly mining different cryptocurrencies.
The suspicious activity was first detected by a French software engineer in November of last year and confirmed by the team in charge of the GitHub repository last week in an email. In order to successfully hack the system, a GitHub function called GitHub Shares was exploited to allow access. This function typically gives users the option to automatically execute tasks triggered by a specific event occurring within their repositories.
The way in which the attack was carried out consisted of forking an existing repository, then adding different elements of GitHub actions to the original code, and then finally being able to submit a pull request, masquerading as a legitimate repository without any kind of testing.
It seems that, using this method, there was no need for the original project owner to approve the mining request since once the whole process was completed, the cryptographic mining software would run without any inconvenience.
Dutch security engineer Justin Perdok added that “attackers spin up to 100 crypto-miners via one attack alone, creating huge computational loads for GitHub’s infrastructure.” According to the report of this attack, the hackers’ intention was not to damage the repositories at all, but rather to obtain free coins using the GitHub servers. Through some screenshots, it’s been shown how SRBMiner, software commonly used to mine multiple cryptocurrencies through easy-to-buy consumer hardware, was used to carry out the mining operation.