A mysterious automated cryptocurrency mining operation is allegedly using over 30 free GitHub accounts to churn out obscure tokens, in a suspected dry run before turning its attention to more well-known currencies.
According to a report from The Register, an operation called Purpleurchin uses GitHub accounts along with over 2,000 Heroku accounts and over 900 Buddy DevOps accounts to power its mining efforts.
This tactic is called “freejacking” and involves hijacking computing power allocated to free trial accounts of continuous integration and deployment (CI/CD) service platforms.
According to the researchers, the team in charge has so far mined a few lesser-known tokens (Sugarchain, Tidecoin, Onyx, Yenten, Sprint and Bitweb), so the profit margin is very low.
However, it is suspected that they are only gearing up and that they are using their relatively small-scale scheme as a smoke screen to aim for something much more lucrative. In theory, it could even be an attack on the underlying blockchain that could make millions of dollars in Bitcoin or Monero.
“I can say with moderate confidence that actors are experimenting with different coins,” the researchers told The Register (our emphasis).
“This large-scale operation could serve as a decoy for other malicious activity.”
Purpleurchin conspiracy could put real users out of pocket
Providers like GitHub use a number of tactics to combat such attacks, including increasingly complex CAPTCHA forms and requests for credit card information, but this team is considered particularly sophisticated.
Free GitHub accounts each cost platform owner Microsoft $15 a month, while Heroku and Buddy free accounts cost around $10, according to the researchers.
“At these rates, threat actors cost providers over $100,000 to mine one Monero (XMR),” an expert told The Register.
Unfortunately for legitimate cloud service users, GitHub and others may eventually pass these costs on to cover the shortfalls. Illegal mining operations can also occupy resources, reducing the performance offered to paying customers.