Massive cryptomining campaign abuses free-tier cloud dev resources
2022-10-25 15:39

An automated and large-scale 'freejacking' campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense.

The operation relies on abusing the limited resources offered to free-tier cloud accounts to generate a tiny profit from each one; combined across many accounts, those profits become something more significant.

In a new report by Sysdig, researchers explain that the core of the operation is a linuxapp container that acts as the command and control server and Stratum server, coordinating all active mining agents and directing them to the threat actor's mining pool.

Eventually, another script will validate the configuration on the Stratum server, receive the Docker command contained in the GitHub repository, and start the miner container.

The miner uses a tiny part of the server's CPU power to stealthily mine a range of crypto coins such as Tidecoin, Onyx, Sugarchain, Sprint, Yenten, Arionum, MintMe, and Bitweb.

The mining process employs a custom Stratum mining protocol relay that hampers network scanners' ability to discover the outbound connections to mining pools.
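
The following added example (not from the Sysdig report or the article) shows why matching on known pool destinations misses relayed traffic while matching on Stratum message content does not. It assumes the agents speak standard cleartext Stratum v1 JSON-RPC to the relay, which the report summary above does not confirm; all hosts, ports and payloads are constructed.

```python
import json

# Well-known Stratum v1 method names (newline-delimited JSON-RPC over TCP).
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "mining.notify", "mining.set_difficulty"}

def stratum_methods(payload: bytes) -> set:
    """Return the Stratum method names seen in a cleartext TCP payload."""
    found = set()
    for line in payload.split(b"\n"):
        line = line.strip()
        if not line.startswith(b"{"):
            continue  # not a JSON object, so not a Stratum message
        try:
            msg = json.loads(line)
        except ValueError:  # malformed JSON or undecodable bytes
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_METHODS:
            found.add(method)
    return found

def triage(flows, pool_blocklist):
    """Compare destination matching with payload matching for each flow."""
    return [{"dst": f["dst"],
             "blocklist_hit": f["dst"] in pool_blocklist,
             "stratum": sorted(stratum_methods(f["payload"]))}
            for f in flows]

# Constructed sample data: a hypothetical known pool, a hypothetical relay
# on an unlisted address (assumption: cleartext Stratum v1), and a benign flow.
POOL_BLOCKLIST = {"pool.example.net:3333"}
FLOWS = [
    {"dst": "pool.example.net:3333",
     "payload": b'{"id":1,"method":"mining.subscribe","params":[]}\n'},
    {"dst": "203.0.113.10:443",
     "payload": b'{"id":1,"method":"mining.subscribe","params":[]}\n'
                b'{"id":2,"method":"mining.authorize","params":["worker","x"]}\n'},
    {"dst": "198.51.100.7:443",
     "payload": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"},
]

if __name__ == "__main__":
    for row in triage(FLOWS, POOL_BLOCKLIST):
        print(row)
```

Payload matching of this kind stops working if the relay wraps the traffic in TLS, in which case egress allow-listing and CPU or process baselines on build runners are the remaining signals.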


News URL

https://www.bleepingcomputer.com/news/security/massive-cryptomining-campaign-abuses-free-tier-cloud-dev-resources/