Microsoft's developer platform GitHub is looking for a way with which functions do not have to be restricted, but the offer can no longer be abused by attackers for crypto mining.
Corresponding attacks have occurred several times since last autumn, reports The Record magazine. The focus was on a feature called GitHub Actions, which allows users to automate tasks that occur regularly. This was used here to smuggle foreign code into repositories without the actual developers noticing this directly.
The attackers created a fork of the original project and integrated the malicious code into it. Using a pull request, they then brought it back together with the original code. This was possible without the actual operator of the project having to give consent.
However, this was not made possible by a security gap that would have been caused by the platform operator. Rather, the operators of the respective development projects had themselves created GitHub Actions scripts with which code was automatically fetched under certain conditions. That could now be used to smuggle in malicious code.
Damage only to Microsoft
The attackers didn't dwell long hoping that the software in question would eventually end up on users' computers and be used there for cryptomining. Instead, the routines were implemented in such a way that GitHub itself started a virtual machine in the Microsoft cloud, which then did the corresponding task.
The GitHub team has known this procedure for some time, according to its own information. However, there is currently no final solution. Since the attacks do not represent any direct damage to the development projects, but "only" target the GitHub infrastructure, they have so far limited themselves to finding and deactivating the attackers' accounts, which appear again and again, instead of shutting down entire features.
0 Comments