Security News > 2022 > July > Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs

GitHub Actions and Azure virtual machines are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes.

"Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency miners to gain profit easily," Trend Micro researcher Magno Logan said in a report last week.

GitHub Actions is a continuous integration and continuous delivery platform that allows users to automate the software build, test, and deployment pipeline.

The Japanese company said it identified no fewer than 1,000 repositories and over 550 code samples that are taking advantage of the platform to mine cryptocurrency using the runners provided by GitHub, which has been notified of the issue.

Cryptojacking-oriented groups are known to infiltrate cloud deployments through the exploitation of a security flaw within target systems, such as an unpatched vulnerability, weak credentials, or a misconfigured cloud implementation.

Some of the prominent actors in the illegal cryptocurrency mining landscape include 8220, Keksec, Kinsing, Outlaw, and TeamTNT. The malware toolset is also characterized by the use of kill scripts to terminate and delete competing cryptocurrency miners to best abuse the cloud systems to their own advantage, with Trend Micro calling it a battle "Fought for control of the victim's resources."

News URL

https://thehackernews.com/2022/07/cloud-based-cryptocurrency-miners.html