A secretive crypto mining operation that uses underhanded methods to create less popular digital tokens was recently discovered.
Using sophisticated automation and tactics, this mining organization relies on multiple free GitHub accounts to create a series of ambiguous tokens that act as the foundation for its full-scale plan, which involves mining well-known tokens.
Data from a security research platform, The Register, revealed that GitHub is one of the many code-hosting platforms being exploited.
Over two thousand Heroku DevOps accounts and more than 900 free Buddy accounts are being used to perform these illegal activities. GitHub is well known for prohibiting the use of its cloud resources for the illegal mining of digital tokens.
The Purpleurchin Operation
The operation, which the Sysdig Threat Research Team discovered, has been dubbed Purpleurchin.
The organization behind Purpleurchin uses a technique called “FreeJacking”, which evades the security bots provided by cloud and continuous integration and deployment (CI/CD) service providers.
Once a security bot is avoided, the criminals behind Purpleurchin capture the cloud resources issued to free trial accounts on GitHub and Heroku.
“These cloud resources are seized and used up within a few days. Once the free-tier account limit is reached, the criminals delete the free accounts”, a researcher said.
A report by The Register details the process used by Purpleurchin. “OpenVPN is used to create multiple IP addresses, and another technology is used to bypass the CAPTCHA and speech recognition security system. This renders useless the efforts of the GitHub security team.”
According to Morin, a researcher at the Sysdig Threat Research Department, the Purpleurchin operation has succeeded in mining digital tokens like Yenten, Tidecoin, Onyx, MintMe, Arionum, and more.
However, these tokens generate only low net profits. The researchers suspect that Purpleurchin is testing the waters by stealing low-profit tokens.
They suggest that Purpleurchin is planning a large-scale invasion of the blockchain world that could lead to the loss of millions of cryptocurrencies.
It is estimated that each of the free GitHub accounts used by the Purpleurchin organization causes Microsoft to lose about $15 every month. On the other hand, Heroku and Buddy lose $7 and $10 each month, respectively.
According to Crystal Morin, “It would cost a provider more than $100,000 for a threat actor to mine one Monero (XMR)”. Hence, this is terrible news for legit paying clients using GitHub or other platforms affected by the Purpleurchin operation.
Thus, service providers like Heroku, GitHub, and Buddy will increase the price of their services to reduce losses, making those services more expensive for legitimate businesses.
In addition, the illegal mining of tokens will drastically reduce the performance of the services offered by GitHub.