Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

admin by admin
January 6, 2023
in Ethical Hackers


Jan 06, 2023Ravie LakshmananCryptocurrency / GitHub

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.

The group “primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations,” Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said.

PURPLEURCHIN first came to light in October 2022 when Sysdig disclosed that the adversary created as many as 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts to scale its operation.

Now according to Unit 42, the cloud threat actor group created three to five GitHub accounts every minute at the height of its activity in November 2022, totally setting up over 130,000 bogus accounts across Heroku, Togglebox, and GitHub.

More than 22,000 GitHub accounts are estimated to have been created between September and November 2022, three in September, 1,652 in October, and 20,725 in November. A total of 100,723 unique Heroku accounts have also been identified.

The cybersecurity company also termed the abuse of cloud resources as a “play and run” tactic designed to avoid paying the platform vendor’s bill by making use of falsified or stolen credit cards to create premium accounts.

Its analysis of 250GB of data puts the earliest sign of the crypto campaign at least nearly 3.5 years ago in August 2019, identifying the use of more than 40 wallets and seven different cryptocurrencies.

Freejacking Campaign

The core idea that undergirds PURPLEURCHIN is the exploitation of computational resources allocated to free and premium accounts on cloud services in order to reap monetary profits on a massive scale before losing access for non-payment of dues.

Besides automating the account creation process by leveraging legitimate tools like xdotool and ImageMagick, the threat actor has also been found to take advantage of weakness within the CAPTCHA check on GitHub to further its illicit objectives.

Freejacking Campaign

This is accomplished by using ImageMagick’s convert command to transform the CAPTCHA images to their RGB complements, followed by using the identify command to extract the skewness of the red channel and selecting the smallest value.

Once the account creation is successful, Automated Libra proceeds to create a GitHub repository and deploys workflows that make it possible to launch external Bash scripts and containers for initiating the crypto mining functions.

The findings illustrate how the freejacking campaign can be weaponized to maximize returns by increasing the number of accounts that can be created per minute on these platforms.

“It is important to note that Automated Libra designs their infrastructure to make the most use out of CD/CI tools,” the researchers concluded.

“This is getting easier to achieve over time, as the traditional VSPs are diversifying their service portfolios to include cloud-related services. The availability of these cloud-related services makes it easier for threat actors, because they don’t have to maintain infrastructure to deploy their applications.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version

Next Post

20 statistiche sulle truffe sentimentali

Next Post

20 statistiche sulle truffe sentimentali

Recommended

An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic

6 months ago

How to watch Fury vs Chisora online from anywhere

2 months ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.