Security News > 2023 > January > Hackers can use GitHub Codespaces to host and deliver malware
Researchers have demonstrated how threat actors can abuse the GitHub Codespaces' port forwarding' feature to host and distribute malware and malicious scripts.
In a new report by Trend Micro, researchers demonstrate how GitHub Codespaces can easily be configured to act as a web server for distributing malicious content while potentially avoiding detection as the traffic comes from Microsoft.
GitHub Codespaces allows developers to forward TCP ports to the public so external users can test or view the applications.
The analysts say that while HTTP is used by default in the Codespaces port-forwarding system, developers can set it to HTTPS, increasing the illusion of security for the URL. Because GitHub is a trusted space, antivirus tools are less likely to raise alarms so that the threat actors can evade detection at a minimal cost.
Trend Micro analysts also explore abusing Dev Containers in GitHub Codespaces to make their malware distribution operations more efficient.
Attackers can easily abuse GitHub Codespaces in serving malicious content at a rapid rate by exposing ports publicly on their codespace environments. Since each created Codespace has a unique identifier, the subdomain associated is unique as well," explains Trend Micro in the report.
News URL
Related news
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)