GitHub, a provider of Internet hosting for software development, is investigating an attack against its cloud infrastructure that involved cryptocurrency mining malware, GitHub's spokesperson told The Record. The bad actors have been attacking GitHub since the fall of 2020. The company's representative says the attackers abused a GitHub feature called GitHub Actions so that they could automatically execute tasks under certain conditions inside GitHub repositories.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.
The attack involves forking a legitimate GitHub repository, adding malicious elements to the source code, and then sending a pull request to the original repository that downloads and runs cryptocurrency-mining software on GitHub’s infrastructure.
One of the victim's, who has had repositories abused similarly, said there was up to 100 cryptocurrency miners via one attack alone, which create "huge computational loads" for GitHub’s infrastructure. GitHub's representative told The Record the company is aware of this activity and is "actively investigating" the case.
Last April, GitHub announced plans for burying the source code of Bitcoin Core, the most popular network client, under 250 meters of Arctic ice in an abandoned Norwegian coal mine. GitHub's representatives wanted to make sure people can learn about the current level of technological development in the future.
Access more than 50 of the world's financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange.