Cryptojacking Campaign Employs Deleted GitHub Account and Unofficial GitHub CDN

Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.

Either way, the crypto mining code then works in the background as unsuspecting victims use their computers normally.

Cybercriminals appear to have an obsession with abusing GitHub and GitHub-related services to hide in-browser cryptocurrency mining scripts that they later use on hacked sites.

There have been quite a few cryptojacking campaigns in the past months in which crooks abused GitHub. The first of these incidents was reported back in December 2017, when hackers abused the code-sharing site by uploading cryptojacking scripts to GitHub accounts and then loading them on hacked sites via the GitHub.io domain.

 

 

Cryptojackers abuse RawGit CDN

 

Now, researchers from cyber-security firm Sucuri say they’ve found another, cleverer approach, in which crooks abused not GitHub itself but an unofficial GitHub-related service.

This service is RawGit, a CDN service that caches GitHub files indefinitely, even after the original file has been deleted from GitHub or the GitHub user has deleted their account.

Sucuri says that a recent cryptojacking operation uploaded a version of the Crypto-Loot in-browser miner to a GitHub account named jdobt, cached the cryptojacking script inside RawGit, and then deleted the original GitHub account.

The attacker later embedded this cryptojacking script on hacked sites using the RawGit URL, a domain that is not usually considered suspicious and so is less likely to be subjected to additional scans by security software.
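
A defender-side check for the embedding described above, as an added example that is not from the article or from Sucuri: it lists the script tags on a page that load from RawGit or GitHub Pages hosts under an account the site owner has not approved. The allowlist, the account names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def account_of(host, path):
    """Return the GitHub account a script URL points at, or None if the host is not watched."""
    if host == "rawgit.com" or host.endswith(".rawgit.com"):
        return path.strip("/").split("/")[0]   # RawGit paths begin with /<account>/<repo>/...
    if host.endswith(".github.io"):
        return host[: -len(".github.io")]      # GitHub Pages: <account>.github.io
    return None                                # local or unrelated host (incl. look-alikes)


class ScriptAuditor(HTMLParser):
    def __init__(self, allowed_accounts):
        super().__init__()
        self.allowed = {a.lower() for a in allowed_accounts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = (dict(attrs).get("src") or "").strip()
        try:
            url = urlparse(src)                # also parses protocol-relative //host/path
        except ValueError:
            return                             # malformed URL, nothing to attribute
        host = (url.hostname or "").lower()
        account = account_of(host, url.path)
        if account is not None and account.lower() not in self.allowed:
            self.findings.append((host, account, src))


def audit_html(html, allowed_accounts=()):
    """Return (host, account, src) for each script loaded from an unapproved account."""
    auditor = ScriptAuditor(allowed_accounts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page; every account name and path here is a placeholder.
SAMPLE = """
<script src="/js/app.js"></script>
<script src="https://cdn.rawgit.com/our-team/widgets/abc123/widget.min.js"></script>
<script src="//cdn.rawgit.com/example-acct/lib/master/loader.js"></script>
<script src="https://example-acct.github.io/lib/loader.js"></script>
<script src="https://notrawgit.com/x/y.js"></script>
"""
```

Run over a site's rendered pages or template files, any finding is a script reference the owner did not put there or no longer recognises, which is the condition to investigate regardless of whether the source repository still exists.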

 

RawGit’s fast abuse department foils attackers’ scheme

 

But while the three previous cryptojacking campaigns that leveraged GitHub domains were somewhat successful, this one appears to be a colossal failure, and for two very different reasons.

First, the crooks appear to have hit a snag with embedding the Crypto-Loot script on hacked sites. Sucuri says the script failed to actually load, execute, and generate profit for the operators.

Second, Sucuri says that the RawGit team was incredibly fast and responsive when it came to abuse reports, taking down the cached URLs within a matter of hours after the initial report.

The person or group behind this campaign might have thought they had found a clever way to keep scripts online even after the files were deleted from GitHub, but they apparently didn’t take into account RawGit’s quick response and its staff’s dedication to keeping their CDN free of any malware.

 
