{"id":40114,"date":"2021-04-05T09:54:34","date_gmt":"2021-04-05T06:54:34","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=40114"},"modified":"2025-08-30T12:40:55","modified_gmt":"2025-08-30T09:40:55","slug":"github-servers-used-for-cryptocurrency-mining","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/github-servers-used-for-cryptocurrency-mining\/","title":{"rendered":"GitHub servers used for cryptocurrency mining"},"content":{"rendered":"

The GitHub service for hosting IT projects is investigating a series of attacks on its cloud infrastructure, which allowed unknown actors to use the company’s servers to mine cryptocurrency. The Record reports<\/a>.<\/p>\n

Attacks have continued since autumn 2020. Cybercriminals abuse the GitHub Actions infrastructure. It enables automating workflows when certain events occur in GitHub user repositories, for example [simple_tooltip content=\\”request to merge changes from a user branch into the main branch of the original repository\\”]Pull Request[\/simple_tooltip].<\/p>\n

\n

“The attack involves branching a legitimate GitHub repository, adding malicious actions to the source code, and then submitting a pull request to merge into the original repository,” said information security expert Justin Perdok.<\/p>\n<\/blockquote>\n

GitHub’s systems then read the malicious code and spin up a virtual machine with applications for cryptocurrency mining.<\/p>\n

According to Perdok, in a single attack the attackers can deploy up to 100 crypto miners, creating enormous computational loads on GitHub’s infrastructure.<\/p>\n

\n

One of my repo\u2019s just got hit with a similar attack. Account in question has a bunch of other open PR\u2019s that currently have miners running. https:\/\/t.co\/PZxApykuO9<\/a> pic.twitter.com\/zugl7mFK0K<\/a><\/p>\n

\u2014 Justin Perdok (@JustinPerdok) April 2, 2021<\/a><\/p>\n<\/blockquote>\n