Those behind the campaign are tailoring the Monero cryptojacking malware to use a limited amount of CPU power in order to evade infections being detected.
Cybercriminals have found another way to spread their malware: uploading cryptocurrency mining code to GitHub, according to security researchers at security company Avast.
Developers 'fork' projects on GitHub, which means making a copy of someone else's project in order to build on it. In this case, the cybercriminals fork random projects and then hide malicious executables in the directory structure of these new projects,
the researchers said.
Users don't need to download the malicious executables directly from GitHub. Instead, the malware is spread via a phishing ad campaign. When a user visits a site that displays the phishing ads and clicks on one, the executable downloads, the researchers said.
If the user clicks on one of these adverts, they're told their Flash Player is out of date and provided with a fake update which, if downloaded, will infect them with the malware. This update is provided via a redirect to GitHub, where the code is hosted, hidden in forked projects.
While hosting malware on GitHub is described by researchers as "unusual", they point to it being beneficial to the attackers because it offers unlimited bandwidth.
