Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems.
"You can also forward a port manually, label forwarded ports, share forwarded ports with members of your organization, share forwarded ports publicly, and add forwarded ports to the codespace configuration," GitHub explains in its documentation.
GitHub Codespaces uses HTTP for port forwarding.
Cybersecurity firm Trend Micro found that such publicly-shared forwarded ports could be exploited to create a malicious file server using a GitHub account.
In a proof-of-concept exploit demonstrated by Trend Micro, a threat actor could create a codespace and download malware from an attacker-controlled domain to the environment, and set the visibility of the forwarded port to public, essentially transforming the application to act as a web server hosting rogue payloads.
"Attackers can easily abuse GitHub Codespaces in serving malicious content at a rapid rate by exposing ports publicly on their codespace environments," the researchers explained.
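For defenders, publicly shared forwarded ports are visible in web proxy logs as requests to Codespaces preview hostnames. The sketch below is an added example, not code from Trend Micro or the article; it assumes forwarded ports are served from `<codespace-name>-<port>.app.github.dev` (formerly `.preview.app.github.dev`), which this page does not state, and it uses a constructed log format and constructed sample lines.

```python
import re
from urllib.parse import urlsplit

# Assumption (not stated on this page): forwarded-port hostnames look like
# <codespace-name>-<port>.app.github.dev or ...-<port>.preview.app.github.dev
FORWARDED_HOST = re.compile(
    r"^(?P<name>[a-z0-9][a-z0-9-]*)-(?P<port>\d{2,5})\.(?:preview\.)?app\.github\.dev$")
# Constructed lists: responses that look like a payload rather than a web page.
RISKY_TYPES = {"application/octet-stream", "application/x-msdownload",
               "application/x-sh", "application/zip"}
RISKY_EXT = (".exe", ".dll", ".ps1", ".sh", ".zip", ".iso")

def parse_line(line):
    """Parse 'timestamp client method url status content-type' (constructed format)."""
    ts, client, method, url, status, ctype = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "ctype": ctype.lower()}

def classify(event):
    """Return a finding for a forwarded-port hostname, or None for any other host."""
    parts = urlsplit(event["url"])
    m = FORWARDED_HOST.match((parts.hostname or "").lower())
    if not m:
        return None  # includes look-alikes such as *.app.github.dev.example.net
    payload = event["ctype"] in RISKY_TYPES or parts.path.lower().endswith(RISKY_EXT)
    severity = "high" if payload and event["status"] == 200 else "review"
    return {"ts": event["ts"], "client": event["client"], "codespace": m["name"],
            "port": int(m["port"]), "path": parts.path, "severity": severity}

def scan(lines):
    """Classify every parseable log line; malformed lines are skipped."""
    findings = []
    for line in lines:
        try:
            finding = classify(parse_line(line))
        except ValueError:
            continue
        if finding:
            findings.append(finding)
    return findings

# Constructed sample proxy log lines (hostnames and clients are made up).
SAMPLE_LOG = [
    "2023-01-17T10:00:01Z 10.0.0.5 GET https://github.com/org/repo 200 text/html",
    "2023-01-17T10:00:07Z 10.0.0.9 GET https://octo-fuzzy-space-abc123-8080.preview.app.github.dev/update.exe 200 application/octet-stream",
    "2023-01-17T10:01:12Z 10.0.0.7 GET https://dev-team-app-xyz-3000.app.github.dev/index.html 200 text/html",
    "2023-01-17T10:02:30Z 10.0.0.9 GET https://foo-8080.app.github.dev.example.net/a.exe 200 application/octet-stream",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A "review" finding is expected for developers who legitimately use Codespaces; the "high" case is a successful payload-type download from a forwarded port by a client with no reason to be using one.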
News URL
https://thehackernews.com/2023/01/hackers-can-abuse-legitimate-github.html