Security News > 2021 > April > Automated attack abuses GitHub Actions to mine cryptocurrency

GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack.
This week, according to a Dutch security engineer Justin Perdok, attackers have targeted GitHub repositories that use GitHub Actions to mine cryptocurrency.
As soon as a Pull Request is created for the original project, GitHub's systems would execute the attacker's code which instructs GitHub servers to retrieve and run a crypto miner.
After publishing this article, BleepingComputer came across more copycat attacks currently happening, in which suspicious Pull Requests are being filed, targeting projects that use GitHub Actions.
This isn't the first time an attack leveraging GitHub infrastructure has abused GitHub Actions.
Last year, BleepingComputer also reported on GitHub being abused to host a wormable botnet Gitpaste-12 which returned the following month with over 30 exploits.
News URL
Related news
- Recent GitHub supply chain attack traced to leaked SpotBugs token (source)
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token (source)