Updated on 2022-10-27: PurpleUrchin freejacking campaign
Researchers from cloud security firm Sysdig published details on PurpleUrchin, a threat actor that registers free or trial accounts on CI/CD platforms to mine cryptocurrency using their servers. Abused services include GitHub, Heroku, Buddyworks, BitBucket, CircleCI, Semaphore, and others. The company called this technique “freejacking.” Read more: Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions
Overview
Sysdig researchers spotted a large-scale freejacking campaign—conducted by the Purpleurchin threat actor—abusing free GitHub, Buddy, and Heroku services for cryptomining. Read more: Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions
