Skip to Content

PurpleUrchin freejacking campaign

Updated on 2022-10-27: PurpleUrchin freejacking campaign

Researchers from cloud security firm Sysdig published details on PurpleUrchin, a threat actor that registers free or trial accounts on CI/CD platforms to mine cryptocurrency using their servers. Abused services include GitHub, Heroku, Buddyworks, BitBucket, CircleCI, Semaphore, and others. The company called this technique “freejacking.” Read more: Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions

Overview

Sysdig researchers spotted a large-scale freejacking campaign—conducted by the Purpleurchin threat actor—abusing free GitHub, Buddy, and Heroku services for cryptomining. Read more: Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.