silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
Researchers have demonstrated how threat actors can abuse the GitHub Codespaces' port forwarding' feature to host and distribute malware and malicious scripts.
GitHub Codespaces allows developers to deploy cloud-hosted IDE platforms in virtualized containers to write, edit, and test/run code directly within a web browser.
In a new report by Trend Micro, researchers demonstrate how GitHub Codespaces can easily be configured to act as a web server for distributing malicious content while potentially avoiding detection as the traffic comes from Microsoft.
"To validate our hypothesis of threat modeling abuse scenario, we ran a Python-based HTTP server on port 8080, forwarded and exposed the port publicly," reads the Trend Micro report.
"In the process, we easily found the URL and the absence of cookies for authentication."
Hackers can use GitHub Codespaces to host and deliver malware
GitHub Codespaces, a cloud-hosted integrated development environment (IDE), has a port forwarding feature that malicious actors can abuse to host and distribute malware to unaware developers.
www.bleepingcomputer.com