GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. “Attackers can abuse the runners or servers provided by GitHub to run an organization’s pipelines and automation by maliciously downloading and installing their own cryptocurrency miners to gain profit easily,” Trend Micro researcher Magno Logan said in a report last week. GitHub Actions (GHAs) is a continuous integration and continuous delivery (CI/CD) platform that allows users to automate the software build, test, and deployment pipeline. Developers can leverage the feature to create workflows that build and test every pull request to a code repository, or deploy merged pull requests to production. Both Linux and Windows runners are hosted on Standard_DS2_v2 virtual machines on Azure and come with two vCPUs and 7GB of memory. The Japanese company said it identified no fewer than 1,000 repositories and over 550 code samples that are taking advantage of the platform to mine cryptocurrency using the runners provided by GitHub. The Microsoft-owned code hosting service has been notified of the issue.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.