Automated attack abuses GitHub Actions to mine cryptocurrency



GitHub Actions has been abused by attackers to mine cryptocurrency using GitHub’s servers in an automated attack.

GitHub Actions is a CI/CD solution that makes it easy to automate all your software workflows and setup periodic tasks.

The particular attack adds malicious GitHub Actions code to repositories forked from legitimate ones, and further creates a Pull Request for the original repository maintainers to merge the code back, to alter the original code.

Read more…