Hackers exploit GitHub, Heroku and Buddy services to mine crypto

Share post:

The threat actor behind a malicious campaign called “Purpleurchin” is exploiting free GitHub, Heroku and Buddy services to mine crypto at the provider’s expense.

The malicious campaign, described as automated and large-scale “freejacking,” relies on exploiting the limited resources offered to free-tier cloud accounts to make a tiny profit from each account.

The cryptocurrency chosen by the threat actors is only marginally profitable, and researchers believe that the operation is either in an early experimental phase or trying to take control of blockchains by creating a network control majority of 51%.

The attacker uses CI/CD service providers such as GitHub (300 accounts), Heroku (2,000 accounts), and Buddy.works (900 accounts) to carry out over a million function calls daily. Attackers rotate the use of these accounts over 130 Docker Hub images with mining containers. To remain undetected, Purpleurchin disguises the attack process at all operational levels.

Investigating Purpleurchin’s operation, the researchers identified a linuxapp container ‘) as the core of its operation. The container acts as a command-and-control server (C2) and Stratum server that coordinates all active mining agents and directs them to the threat actor’s mining pool.

To automate the creation of GitHub accounts, create a repository, and replicate the workflow using GitHub actions, a shell script (‘userlinux8888’) is used. All GitHub are obfuscated using random strings for the names.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways