Security News > 2022 > October > Purpleurchin cryptocurrency miners spotted scouring free GitHub, Heroku accounts
A stealthy cryptocurrency mining operation has been spotted using thousands of free accounts on GitHub, Heroku and other DevOps outfits to craft digital tokens.
Sysdig estimated each of those 30 free GitHub accounts cost the Microsoft-owned giant $15 per month, and the free tier accounts from Heroku, Buddy and others cost providers between $7 and $10 per month.
Purpleurchin may be in it for the coin, Morin suggested, though it is worth noting that the cryptocurrencies the gang currently mines - Tidecoin Onyx, Surgarchain, Sprint, Yenten, Arionum, MintMe and Bitweb - have low profit margins.
It's also possible that Purpleurchin is using its mining operations to prepare for a larger heist, in which they attack the underlying blockchain and steal millions of dollars worth of cryptocurrency.
To automate the workflow, Purpleurchin creates a GitHub account and repository and then executes a shell script, which executes GitHub Actions to run mining operations and tries to disguise these operations by naming them with random strings.
This is notable, we're told, because miners usually use XMRig downloaded straight from GitHub.