Hackers can use GitHub Codespaces to host and deliver malware (Security News, January 2023)
Researchers have demonstrated how threat actors can abuse the GitHub Codespaces 'port forwarding' feature to host and distribute malware and malicious scripts.
In a new report by Trend Micro, researchers demonstrate how GitHub Codespaces can easily be configured to act as a web server for distributing malicious content while potentially avoiding detection as the traffic comes from Microsoft.
GitHub Codespaces allows developers to forward TCP ports to the public so external users can test or view the applications.
The analysts say that while HTTP is used by default in the Codespaces port-forwarding system, developers can set it to HTTPS, increasing the illusion of security for the URL. Because GitHub is a trusted space, antivirus tools are less likely to raise alarms, so threat actors can evade detection at minimal cost.
Trend Micro analysts also explore abusing Dev Containers in GitHub Codespaces to make their malware distribution operations more efficient.
"Attackers can easily abuse GitHub Codespaces in serving malicious content at a rapid rate by exposing ports publicly on their codespace environments. Since each created Codespace has a unique identifier, the subdomain associated is unique as well," explains Trend Micro in the report.
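Because the forwarded content sits on a trusted domain under a per-codespace subdomain, blocking by reputation is unreliable; a defender can instead review proxy logs for payload-like downloads from forwarded-port hosts. The following is an added example, not code from Trend Micro or GitHub: the hostname shape, the tab-separated log layout and the heuristic lists are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption (not from the article): forwarded ports are served from hosts shaped
# like <codespace-name>-<port>.app.github.dev, sometimes with a "preview." label.
FORWARDED_HOST = re.compile(
    r"^[a-z0-9][a-z0-9-]*-(?P<port>\d{1,5})\.(?:preview\.)?app\.github\.dev$")
PAYLOAD_TYPES = {"application/octet-stream", "application/x-msdownload",
                 "application/x-sh", "application/zip"}
PAYLOAD_SUFFIXES = (".exe", ".dll", ".ps1", ".sh", ".bat", ".msi", ".zip", ".hta")
SCRIPTED_AGENTS = ("curl/", "wget/", "powershell", "python-requests", "certutil")


def review_reasons(url, content_type, user_agent):
    """Reasons a request to a forwarded-port host deserves review; [] otherwise."""
    parts = urlsplit(url)
    if not FORWARDED_HOST.match((parts.hostname or "").lower()):
        return []
    reasons = []
    if content_type.split(";")[0].strip().lower() in PAYLOAD_TYPES:
        reasons.append("payload-content-type")
    if parts.path.lower().endswith(PAYLOAD_SUFFIXES):
        reasons.append("payload-file-suffix")
    if any(a in user_agent.lower() for a in SCRIPTED_AGENTS):
        reasons.append("non-browser-client")
    return reasons


def scan(log_lines):
    """Parse tab-separated proxy records: time, client, url, content-type, user-agent."""
    findings = []
    for line in log_lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 5:
            continue  # skip malformed records instead of guessing
        when, client, url, ctype, agent = fields
        reasons = review_reasons(url, ctype, agent)
        if reasons:
            findings.append({"time": when, "client": client, "url": url, "reasons": reasons})
    return findings


# Constructed sample records (hostnames, clients and paths are made up).
SAMPLE = [
    "2023-01-20T09:14:02Z\t10.0.4.17\thttps://github.com/example/repo\ttext/html\tMozilla/5.0",
    "2023-01-20T09:15:40Z\t10.0.4.17\thttps://example-dev-space-abc123-3000.preview.app.github.dev/\ttext/html; charset=utf-8\tMozilla/5.0",
    "2023-01-20T09:21:11Z\t10.0.7.52\thttps://example-dev-space-def456-8080.preview.app.github.dev/setup.sh\ttext/plain\tcurl/7.81.0",
    "2023-01-20T09:22:30Z\t10.0.7.52\thttps://example-dev-space-def456-8080.app.github.dev/files/update.exe\tapplication/octet-stream\tMozilla/5.0",
]
```

An ordinary browser preview of a forwarded web app (the second record) is not flagged; only requests that also look like payload retrieval are returned for review.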