Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware

New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems.
"You can also forward a port manually, label forwarded ports, share forwarded ports with members of your organization, share forwarded ports publicly, and add forwarded ports to the codespace configuration," GitHub explains in its documentation.
GitHub Codespaces uses HTTP for port forwarding.
Cybersecurity firm Trend Micro found that such publicly-shared forwarded ports could be exploited to create a malicious file server using a GitHub account.
In a proof-of-concept exploit demonstrated by Trend Micro, a threat actor could create a codespace and download malware from an attacker-controlled domain to the environment, and set the visibility of the forwarded port to public, essentially transforming the application to act as a web server hosting rogue payloads.
"Attackers can easily abuse GitHub Codespaces in serving malicious content at a rapid rate by exposing ports publicly on their codespace environments," the researchers explained.
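For defenders, one way to look for this in web proxy logs is sketched below. It is an added example, not code from Trend Micro, GitHub, or the original article. It assumes that forwarded-port hostnames end in `-<port>` under `app.github.dev` (or the older `preview.app.github.dev`), and the log line format, field names, and risky-type lists are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: forwarded-port hostnames look like <name>-<port>.app.github.dev
# (older form: .preview.app.github.dev). Adjust to what your proxy logs.
CODESPACE_HOST = re.compile(
    r"^(?P<name>[a-z0-9-]+)-(?P<port>\d{2,5})\.(?:preview\.)?app\.github\.dev$",
    re.IGNORECASE,
)
# Content types and extensions that suggest file delivery rather than an app preview.
RISKY_TYPES = {"application/octet-stream", "application/x-msdownload",
               "application/x-dosexec", "application/zip", "application/x-sh"}
RISKY_EXT = (".exe", ".dll", ".ps1", ".sh", ".zip", ".iso", ".msi", ".bin")

def parse_line(line):
    """Parse 'timestamp client method url status content_type' (hypothetical format)."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, method, url, status, ctype = parts
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "ctype": ctype.lower()}

def find_codespace_downloads(lines):
    """Return successful fetches of payload-like content from a forwarded port."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["status"] != 200:
            continue  # skip malformed lines and failed requests
        url = urlsplit(ev["url"])
        m = CODESPACE_HOST.match(url.hostname or "")
        if not m:
            continue  # not a Codespaces forwarded-port host
        if ev["ctype"] in RISKY_TYPES or url.path.lower().endswith(RISKY_EXT):
            hits.append({"client": ev["client"], "codespace": m["name"],
                         "port": int(m["port"]), "path": url.path,
                         "ctype": ev["ctype"]})
    return hits

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = [
    "2023-01-17T10:00:01Z 10.0.0.5 GET https://example-user-demo-abc123-8080.preview.app.github.dev/update.exe 200 application/octet-stream",
    "2023-01-17T10:00:09Z 10.0.0.7 GET https://example-user-docs-def456-3000.app.github.dev/index.html 200 text/html",
    "2023-01-17T10:00:15Z 10.0.0.9 GET https://github.com/example/repo 200 text/html",
    "2023-01-17T10:00:20Z 10.0.0.5 GET https://example-user-demo-abc123-8080.preview.app.github.dev/missing.zip 404 text/html",
]

if __name__ == "__main__":
    print(find_codespace_downloads(SAMPLE_LOG))
```

Developers legitimately share forwarded ports, so hits are leads for triage (who fetched what, and from which process) rather than verdicts.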
News URL
https://thehackernews.com/2023/01/hackers-can-abuse-legitimate-github.html