GitHub Actions being actively abused to mine cryptocurrency on GitHub servers (Security News, April 2021)
GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack.
This week, according to Dutch security engineer Justin Perdok, attackers have targeted GitHub repositories that use GitHub Actions to mine cryptocurrency.
As soon as a Pull Request is created for the original project, GitHub's systems execute the attacker's code, which instructs GitHub servers to retrieve and run a crypto miner.
After publishing this article, BleepingComputer came across more copycat attacks currently happening, in which suspicious Pull Requests are being filed, targeting projects that use GitHub Actions.
This isn't the first time an attack leveraging GitHub infrastructure has abused GitHub Actions.
Last year, BleepingComputer also reported on GitHub being abused to host a wormable botnet, Gitpaste-12, which returned the following month with over 30 exploits.