
Azure VMs, GitHub Actions under attack from cloud-based cryptominers

Malicious actors have been targeting Azure virtual machines and the GitHub Actions platform to facilitate cloud-based cryptocurrency mining and easily earn profits, The Hacker News reports. GitHub Actions is being exploited by at least 1,000 repositories and more than 550 code samples for cryptomining through GitHub's runners, while 11 repositories had YAML script variants with Monero mining commands, all of which are dependent on a single wallet, a Trend Micro report showed. However, such cloud-based cryptomining is not a significant concern, according to researcher Magno Logan. "For as long as the malicious actors only use their own accounts and repositories, end users should have no cause for worry... Problems arise when these GHAs are shared on GitHub Marketplace or used as a dependency for other Actions," wrote Logan. The findings come after Trend Micro first reported cryptominer deployment as a result of poor security practices. "The battle to take and retain control over a victim's servers is a major driving force for the evolution of these groups' tools and techniques, prompting them to constantly improve their ability to remove competitors from compromised systems and, at the same time, resist their own removal," said Trend Micro in an earlier report.
