Security News > 2023 > January > Hackers can use GitHub Codespaces to host and deliver malware

Researchers have demonstrated how threat actors can abuse the GitHub Codespaces' port forwarding' feature to host and distribute malware and malicious scripts.

In a new report by Trend Micro, researchers demonstrate how GitHub Codespaces can easily be configured to act as a web server for distributing malicious content while potentially avoiding detection as the traffic comes from Microsoft.

GitHub Codespaces allows developers to forward TCP ports to the public so external users can test or view the applications.

The analysts say that while HTTP is used by default in the Codespaces port-forwarding system, developers can set it to HTTPS, increasing the illusion of security for the URL. Because GitHub is a trusted space, antivirus tools are less likely to raise alarms so that the threat actors can evade detection at a minimal cost.

Trend Micro analysts also explore abusing Dev Containers in GitHub Codespaces to make their malware distribution operations more efficient.

Attackers can easily abuse GitHub Codespaces in serving malicious content at a rapid rate by exposing ports publicly on their codespace environments. Since each created Codespace has a unique identifier, the subdomain associated is unique as well," explains Trend Micro in the report.

News URL

https://www.bleepingcomputer.com/news/security/hackers-can-use-github-codespaces-to-host-and-deliver-malware/