GitHub Reacts to Growing Cryptocurrency Mining Attacks Using GitHub Actions
Like
by
As the market capitalization of cryptocurrency surged from $190 billion in January of 2020 to $2 trillion in April of 2021, it s become profitable for bad actors to make a full time job of attacking the free tiers of platform-as-a-service providers.
Chartier describes how an attacker can abuse GitHub Actions
cron feature to create new commits every hour with the aim to mine cryptocurrencies.
Because developers can run arbitrary code on our servers, they often violate our terms of service to run cryptocurrency miners as a build step for their websites.
According to Chartier, one strategy to reduce the chances of being detected that is becoming popular is using a headless browser for these attacks.