Hackers exploit GitHub, Heroku and Buddy services to mine crypto

Share post:

The threat actor behind a malicious campaign called “Purpleurchin” is exploiting free GitHub, Heroku and Buddy services to mine crypto at the provider’s expense.

The malicious campaign, described as automated and large-scale “freejacking,” relies on exploiting the limited resources offered to free-tier cloud accounts to make a tiny profit from each account.

The cryptocurrency chosen by the threat actors is only marginally profitable, and researchers believe that the operation is either in an early experimental phase or trying to take control of blockchains by creating a network control majority of 51%.

The attacker uses CI/CD service providers such as GitHub (300 accounts), Heroku (2,000 accounts), and Buddy.works (900 accounts) to carry out over a million function calls daily. Attackers rotate the use of these accounts over 130 Docker Hub images with mining containers. To remain undetected, Purpleurchin disguises the attack process at all operational levels.

Investigating Purpleurchin’s operation, the researchers identified a linuxapp container ‘) as the core of its operation. The container acts as a command-and-control server (C2) and Stratum server that coordinates all active mining agents and directs them to the threat actor’s mining pool.

To automate the creation of GitHub accounts, create a repository, and replicate the workflow using GitHub actions, a shell script (‘userlinux8888’) is used. All GitHub are obfuscated using random strings for the names.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways