In recent reports, it has come forth that GitHub has initiated an inquiry to analyze the matter of a series of cyberattacks that are exploiting its base infrastructure to mine for cryptocurrency.

GitHub, the popular code repository hosting service has reportedly observed cyberattacks of such manner since the end of 2020.

These cyberattacks on GitHub were seemingly discovered by security researchers who reported the malicious activities on their repositories. 

GitHub user reports:

In a post covering a similar cyberattack, the recipient reported that he was supposedly attacked by a fellow GitHub user who designed a malicious command or action to initiate a crypto-mining code inside an action run. This was facilitated by triggering the receipt’s or victim’s GitHub Action due to a poor pull request.

Also read,

To the unaware, when a pull request is opened, a user is essentially proposing changes and requesting that someone review and pull in their contribution and merge them into their branch. Pull requests show differences in the content from both branches. 

Malicious actors were also reportedly exploiting the GitHub Actions feature which is an API deployed by the code repository hosting service that allows users to automate, customize and execute software development workflows in repositories, as was reported by trusted cybersecurity sources.

Experts are of the opinion that malicious actors are attacking repositories that have this feature enabled.

Once such a repository is detected, the threat actors add malicious GitHub Actions and fill malicious Pull Requests to execute the malicious attacker’s code.

Required investigation:

Security experts have noted that the investigation launched by GitHub holds credibility since there is at least one malicious actor who is attacking the repositories where Actions has been enabled.

The cyberattack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then filing a Pull Request with the original repository to merge the infected code back into the original.

In the latest cyberattacks, threat actors have been found to be implementing their own malicious code to mine cryptocurrency miners on GitHub’s infrastructure.

As a result, the malicious actors could deploy hundreds of such miners.

Cyberattacks of this manner can have severe implications on GitHub’s infrastructure.